Assessment Scoping Questionnaire

SOClogix > Assessment Scoping Questionnaire

Scoping Questionnaire

Please fill out this questionnaire so that SOClogix can better understand the type of assessment that you are requesting and the size and scope of the assessment.

Please answer the questions as accurately as possible as any incomplete or missing information may result in the delay of service.

Not all questions will be applicable to each assessment. Please input 'N/A' to any questions that do not require an answer.

Completing and submitting this form is not an authorization for SOClogix to conduct the assessment. This questionnaire is part of our pre-engagement process.

If you have any other questions or need assistance with this form please contact soc@soclogix.com

Thank you,
SOClogix Team

Only select one.

Company and Contact Information

Enter the following contact information for the company/organization requesting a Vulnerability Scan and/or Penetration Test.

If you are a Reseller or Partner, the Contact Person can be someone from your company and not the client whom this assessment is for.

Previous History

Please input historical information regarding the below.

Assessment Details

Check all that apply.
When should active portions (scanning, enumeration, exploitation, etc.) of the penetration test be conducted? (check all that apply) Please note that devices need to be powered on and connected to the network in order to be included in the assessment.

Is the penetration test required for a specific compliance requirement (HIPAA, FINRA, PIC, etc.)?

General Network Information

Approximately how many onsite devices are on your network? This number includes desktops, laptops, servers, printers, network devices, VOIP phones, and IoT devices (thermostats, POS systems, Ring doorbells, etc.).
Approximately how many onsite devices are part of your organization but not at any office or network location? This number includes desktops, laptops, servers, printers, network devices, VOIP phones, and IoT devices (thermostats, POS systems, Ring doorbells, etc.).
What server technologies does your organization use?
What database technologies does your organization use?
Please list all other exclusions and their IP, hostname, and/or domain name. ie. Cloud Servers, websites, etc.

Cloud Server Penetration Testing

Amazon, Microsoft, and Google do not require notification before conducting penetration testing of servers hosted in their cloud environments.

The following sources are references regarding the Penetration Testing of cloud-based environments and are listed here for the benefit of the Penetration Tester:
https://learn.microsoft.com/en-us/azure/security/fundamentals/pen-testing
https://www.microsoft.com/en-us/msrc/pentest-rules-of-engagement
https://aws.amazon.com/security/penetration-testing/
https://support.google.com/cloud/answer/6262505