Assignment 1: Business Security Posture Due Week 3 and worth 90 points Company XYZ, a mid-sized corporation, is in the middle of satisfying their regulatory compliance needs.  The manager of security at the company has been tasked by the CIO (Chief Information Officer) to report on the company’s current security posture. You are called upon as a 3 rd  party penetration tester, based on your industry reputation of being both careful and thorough to report on company XYZ’s security posture. The only information available about the company is the generalized information found on its company Website which includes a contact page, home page, customer login portal, copyright and acceptable use page, and disclaimers page.   As an experienced penetration tester, you already have a collection of typical tools you use to conduct your tests ( at minimum, all the tools available in CEH labs for this course .) The end goal here is to report on company XYZ’s current security posture through performing penetration tests. Write a four to five (4-5) page paper in which you outline all steps you would take to provide company XYZ’s request. Include but do not limit yourself to the following: Determine the communications and questions that you need to ask the Manager of Security before beginning your work assignment. Determine the type of documents you would bring to your first meeting with the Manager of Security (i.e. documents to sign, to review, to consider). Explain chronologically when things happen. Predict what results are expected based on tools and techniques you use. For example, if a goal is to collect recon data, one might use the Nmap tool to perform a subnet scan. A similar scan can be conducted in your iLabs environment and the resulting data used as support in the form of screenshots when explaining your theories.   Evaluate the importance of the Nondisclosure Agreement (NDA) and other legal agreements to both parties.   Propose the main pre-penetration test steps that the penetration tester should perform before beginning the initial phases of the XYZ penetration test. Provide a rationale to support your proposal. Use at least three (3) quality resources in this assignment.  Note:  Wikipedia and similar Websites do not qualify as quality resources.  Your assignment must follow these formatting requirements: Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length. The specific course learning outcomes associated with this assignment are: Discuss the need for security analysis. Discuss the techniques and apply the tools to perform penetration tests. D.

1. Assignment 1: Business Security Posture
Due Week 3 and worth 90 points
Company XYZ, a mid-sized corporation, is in the middle of
satisfying their regulatory compliance needs. The manager of
security at the company has been tasked by the CIO (Chief
Information Officer) to report on the company’s current security
posture. You are called upon as a 3
rd
party penetration tester, based on your industry reputation of
being both careful and thorough to report on company XYZ’s
security posture. The only information available about the
company is the generalized information found on its company
Website which includes a contact page, home page, customer
login portal, copyright and acceptable use page, and disclaimers
page.
As an experienced penetration tester, you already have a
collection of typical tools you use to conduct your tests (
at minimum, all the tools available in CEH labs for this course
.) The end goal here is to report on company XYZ’s current
security posture through performing penetration tests.
Write a four to five (4-5) page paper in which you outline all
steps you would take to provide company XYZ’s request.
Include but do not limit yourself to the following:
Determine the communications and questions that you need to
ask the Manager of Security before beginning your work
assignment.
Determine the type of documents you would bring to your first
meeting with the Manager of Security (i.e. documents to sign, to
review, to consider).
Explain chronologically when things happen.
Predict what results are expected based on tools and techniques
you use. For example, if a goal is to collect recon data, one
might use the Nmap tool to perform a subnet scan. A similar

2. scan can be conducted in your iLabs environment and the
resulting data used as support in the form of screenshots when
explaining your theories.
Evaluate the importance of the Nondisclosure Agreement (NDA)
and other legal agreements to both parties.
Propose the main pre-penetration test steps that the penetration
tester should perform before beginning the initial phases of the
XYZ penetration test. Provide a rationale to support your
proposal.
Use at least three (3) quality resources in this assignment.
Note:
Wikipedia and similar Websites do not qualify as quality
resources.
Your assignment must follow these formatting requirements:
Be typed, double spaced, using Times New Roman font (size
12), with one-inch margins on all sides; citations and references
must follow APA or school-specific format. Check with your
professor for any additional instructions.
Include a cover page containing the title of the assignment, the
student’s name, the professor’s name, the course title, and the
date. The cover page and the reference page are not included in
the required assignment page length.
The specific course learning outcomes associated with this
assignment are:
Discuss the need for security analysis.
Discuss the techniques and apply the tools to perform
penetration tests.
Discuss and design a Demilitarized Zone (DMZ).
Use technology and information resources to research issues in
penetration testing tools and techniques.
Write clearly and concisely about Network Penetration Testing
topics, using proper writing mechanics and technical style
conventions.
Points: 90

3. Assignment 1:
Business Security Posture
Criteria
Unacceptable
Below 60% F
Meets Minimum Expectations
60-69% D
Fair
70-79% C
Proficient
80-89% B
Exemplary
90-100% A
1. Determine the communications and questions that you need to
ask the Manager of Security before beginning your work
assignment.
Weight: 10%
Did not submit or incompletely determined the communications
and questions that you need to ask the Manager of Security
before beginning your work assignment.
Insufficiently determined the communications and questions
that you need to ask the Manager of Security before beginning
your work assignment.
Partially determined the communications and questions that you
need to ask the Manager of Security before beginning your work
assignment.
Satisfactorily determined the communications and questions that
you need to ask the Manager of Security before beginning your
work assignment.
Thoroughly determined the communications and questions that
you need to ask the Manager of Security before beginning your

4. work assignment.
2. Determine the type of documents you would bring to your
very first meeting with the Manager of Security.
Weight: 10%
Did not submit or incompletely determined the type of
documents you would bring to your very first meeting with the
Manager of Security.
Insufficiently determined the type of documents you would
bring to your very first meeting with the Manager of Security.
Partially determined the type of documents you would bring to
your very first meeting with the Manager of Security.
Satisfactorily determined the type of documents you would
bring to your very first meeting with the Manager of Security.
Thoroughly determined the type of documents you would bring
to your very first meeting with the Manager of Security.
3. Explain chronologically when things happen.
Weight: 10%
Did not submit or incompletely explained chronologically when
things happen.
Insufficiently explained chronologically when things happen.
Partially explained chronologically when things happen.
Satisfactorily explained chronologically when things happen.
Thoroughly explained chronologically when things happen.
4. Predict what results are expected based on tools and
techniques you use.
Weight: 15%
Did not submit or incompletely predicted what results are
expected based on tools and techniques you use.
Insufficiently predicted what results are expected based on tools
and techniques you use.
Partially predicted what results are expected based on tools and
techniques you use.
Satisfactorily predicted what results are expected based on tools
and techniques you use.
Thoroughly predicted what results are expected based on tools
and techniques you use.

5. 5.
Evaluate the importance of the Nondisclosure Agreement (NDA)
and other legal agreements to both parties.
Weight: 20%
Did not submit or incompletely evaluated the importance of the
Nondisclosure Agreement (NDA) and other legal agreements to
both parties.
Insufficiently evaluated the importance of the Nondisclosure
Agreement (NDA) and other legal agreements to both parties.
Partially evaluated the importance of the Nondisclosure
Agreement (NDA) and other legal agreements to both parties.
Satisfactorily evaluated the importance of the Nondisclosure
Agreement (NDA) and other legal agreements to both parties.
Thoroughly evaluated the importance of the Nondisclosure
Agreement (NDA) and other legal agreements to both parties.
6.
Propose the main pre-penetration test steps that the penetration
tester should perform before beginning the initial phases of the
XYZ penetration test. Provide a rationale to support your
proposal.
Weight: 20%
Did not submit or incompletely proposed the main pre-
penetration test steps that the penetration tester should perform
before beginning the initial phases of the XYZ penetration test.
Did not submit or incompletely provided a rationale to support
your proposal.
Insufficiently
proposed the main pre-penetration test steps that the penetration
tester should perform before beginning the initial phases of the
XYZ penetration test. Insufficiently provided a rationale to
support your proposal.
Partially proposed the main pre-penetration test steps that the
penetration tester should perform before beginning the initial
phases of the XYZ penetration test. Partially provided a

6. rationale to support your proposal.
Satisfactorily proposed the main pre-penetration test steps that
the penetration tester should perform before beginning the
initial phases of the XYZ penetration test. Satisfactorily
provided a rationale to support your proposal.
Thoroughly proposed the main pre-penetration test steps that
the penetration tester should perform before beginning the
initial phases of the XYZ penetration test. Thoroughly provided
a rationale to support your proposal.
7. 3 references
Weight: 5%
No references provided
Does not meet the required number of references; all references
poor quality choices.
Does not meet the required number of references; some
references poor quality choices.
Meets number of required references; all references high quality
choices.
Exceeds number of required references; all references high
quality choices.
8. Clarity, writing mechanics, and formatting requirements
Weight: 10%
More than 8 errors present
7-8 errors present
5-6 errors present
3-4 errors present
0-2 errors present