of Engagement for the test

Overview

You were given a Request For Proposal (RFP), but it lacks enough detail to determine what the client is requesting for a test. We will need to come up with some information and questions to discuss with the client to determine exactly what they want. This will allow both the client and the tester to be on the same page before any assessment begins. We will be building a Scope and Rules of Engagement (ROE) to determine what is in scope and to produce the document that outlines the specifics of the project and how it will occur.

Below are some of the key points pulled from the RFP, which was lacking a lot of details:

- The test is for CIT-E Corp, with 2,000 employees located throughout the United States.
- They want a penetration test from either an outside company or a group within the company.
- Minimize or eliminate business risks and exposures.
- The overall goal is to ensure the appropriate security controls are implemented and functioning to preserve the confidentiality, integrity, and availability of the data they house and are responsible for.

Tasks

Come up with a set of questions to help flesh out more details and gain further insight, based on the information in the Overview section. You will also come up with an industry / business that you would like to use for your example. Depending on the industry or business, you may have to ask slightly different questions regarding the data and the procedures that are followed. Example: businesses that process credit card information or businesses that deal with personal health information (PHI).

Part 1: Questions to ask to get additional details

Within your group, brainstorm and come up with 10 to 15 questions to ask the client regarding the industry / business to help flesh out more details and to get a better-defined scope and rules of engagement.

Deliverable: Provide the list of questions as well as the type of industry/business that will be used.

Part 2: Putting together the ROE and scope

Based on some of the questions you came up with, determine a potential answer you might receive from the client. For this part, you can divide your group to tackle this section or brainstorm together for answers based on the industry or business you selected. Come up with an updated scope and rules of engagement for the requested assessment.

Deliverable: Provide the answers to the previously documented questions, as well as an updated Scope and ROE that incorporates the answers that were provided.

Part 3: Research into RFP examples

See if you can find 2 examples of an RFP from a company requesting a penetration test. Look out for good or vague points within the document that would need further clarification. An example would be a request for a penetration test without exploitation. That does not sound like a true PenTest but possibly more along the lines of an audit or vulnerability assessment, and we would need to clarify exactly what is meant by "wanting a PenTest".

Deliverable: Provide the key elements and a brief discussion of your findings, as well as the source where you found the examples. Please provide a reference with the full source link. Do this in Microsoft Word.