Chapter 2. Planning Your Physical Penetration Tests
The first casualty of war is the plan.
—unknown
The goal of this chapter is to give you the knowledge to build the right team to carry out a physical penetration test. This is no small task; it involves assembling a team, designating appropriate roles, organizing preliminary research and being able to confidently plan the assignment from start to finish. There are also administrative and legal aspects to take into consideration. After the planning phase of the project is complete, your team members should know what is expected of them and, just as importantly, what to expect from the assignment. Work you put into the planning phase will be rewarded during execution.
There is an old joke that 'in theory, theory and practice are the same thing, but in practice they're not'. Touché. The important thing to remember during the planning phase is that nothing is, nor should be, set in stone. Your testing plan should be flexible enough to accommodate contingency arrangements should assumptions turn out to be incorrect or should circumstances you previously took for granted change. This chapter is drawn from my own experience planning physical penetration tests. My own methods have been tweaked over years of experience. You should draw from it or add to it as befits the individual requirements with your team.
When putting together an engagement scenario, you must consider the potential risks your client faces and what benefit physical ...
Get Unauthorised Access: Physical Penetration Testing For IT Security Teams now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
