D484 PENETRATION TEST REPORT ASSIGNMENT FOR PENTEST WESTERN GOVERNORS’ UNIVERSITY

D484 PENETRATION TEST REPORT ASSIGNMENT FOR PENTEST WESTERN GOVERNORS’ UNIVERSITY
A. Evaluate the alignment between Western View Hospital’s goals, objectives, functions,
processes, and practices and the penetration testing engagement plan by doing the following:
2
1. Describe the client's goals, objectives, functions, processes, and practices.
Western View Hospital (WVH) is seeking a penetration test against security controls,
specifically within itsinformation environment. Thistest aimsto evaluate their susceptibility to
exploitation and data breaches. The function being tested is data management, especially
patient records/data, which is a key function of WVH. WVH utilizes Active Directory for
centralized management and McAfee for endpoint protection as their main practices.
2. Describe the structure of the penetration testing engagement plan (e.g.,scope, test type,
approach, technique).
The Penetration test plan includes both internal and external penetration testing, as well
as social engineering. The internal phase of the test will focus on finding vulnerabilities within
the internal network and attempting to compromise the McAfee server. The external phase is
assessing the susceptibility of WVH external facing assets. Social engineering through phone
phishing will evaluate the effectiveness of employee security awareness and response.
3. Identify any potential misalignments between the penetration testing engagement plan
and the company’s goals, objectives, functions, processes, and practices.
After examining the scope of work to be completed, a few misalignments were
annotated. The major misalignment that was noticed was the lack of compliance testing. The
scope of work does not specifically detail steps for ensuring compliance with HIPAA or other