Internet Footprint Intelligence Review

November 2, 2009

Purpose

Scouting for and scavenging information from a network and Internet presence that can be analyzed as business intelligence.

Objective

Size and scope of the Internet presence

Task

  1. A measurement of the security policy to future network plans
  2. Tasks to perform for a thorough Competitive Intelligence Scouting
  3. Map and measure the directory structure of the web servers
  4. Map and measure the directory structure of the FTP servers
  5. Examine the WHOIS database for business services relating to registered host names
  6. Determine the IT cost of the Internet infrastructure based on OS, applications, and hardware
  7. Determine the cost of support infrastructure based on regional salary requirements for IT professionals, job postings, number of personnel, published resumes, and responsibilities
  8. Measure the buzz (feedback) of the organization based on newsgroups, web boards, and industry feedback sites
  9. Record the number of products being sold electronically (for download)
  10. Record the number of products found in P2P sources, wares sites, available cracks up to

 

Purpose

Privacy Review

Objective 

The privacy review is the focal point of the legal and ethical storage, transmission, and control of data based on employee and customer privacy. The use of this data is a concern to many private persons and legislation is unveiling specific rules regarding privacy. Although some of these laws are local, all of them apply to the Internet and therefore affect security testers internationally.

Expected Results

1. List any disclosures
   a. List compliance failures between public policy and actual practice
   b. List systems involved in data gathering
   c. List data gathering techniques
   d. List data gathered
2. Tasks to perform for a thorough Privacy Policy review
3. Compare publicly accessible policy to actual practice
4. Compare actual practice to regional fraud and privacy laws or compliancy
5. Identify database type and size for storing data
6. Identify data collected by the organization
7. Identify storage location of data
8. Identify cookie types
9. Identify cookie expiration times
10. Identify information stored in cookie
11. Verify cookie encryption methods
12. Identify server location of web bug(s)
13. Identify web bug data gathered and returned to server


Outcomes

1. Compare publicly accessible policy to actual practice
2. Compare actual practice to regional fraud and privacy laws or compliancy
3. Identify database type and size for storing data
4. Identify data collected by the organization
5. Identify storage location of data
6. Identify cookie types
7. Identify cookie expiration times
8. Identify information stored in cookie
9. Verify cookie encryption methods
10. Identify server location of web bug(s)
11. Identify web bug data gathered and returned to server
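
An added example, not part of the original checklist: a Python check for the cookie tasks above (cookie type, expiration time, stored information, and whether the value is encrypted or only encoded), run over constructed Set-Cookie headers. The function names, classification labels and sample headers are assumptions made for illustration.

```python
import base64
import binascii
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed Set-Cookie header values (not captured from any real site).
SAMPLE_HEADERS = [
    "sid=8f3a9c1e5b7d4a60; Path=/; Secure; HttpOnly",
    "prefs=dXNlcj1hbGljZUBleGFtcGxlLmNvbQ==; Max-Age=31536000; Path=/",
    "track=u1234; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Domain=.example.com",
]

def classify_value(value):
    """Heuristic: is the stored value readable, only encoded, or opaque?"""
    if re.search(r"[^@\s]+@[^@\s]+\.\w+", value):
        return "plaintext-email"
    try:
        decoded = base64.b64decode(value, validate=True).decode("ascii")
        if len(decoded) >= 4 and decoded.isprintable():
            return "encoded-not-encrypted"  # base64 is reversible by anyone
    except (binascii.Error, UnicodeDecodeError):
        pass
    return "opaque"  # encrypted or a random identifier; confirm server-side

def audit_cookie(header, now):
    """Return the privacy-relevant facts for one Set-Cookie header value."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    lifetime = None  # no Max-Age or Expires means a session cookie
    if "max-age" in attrs:  # Max-Age takes precedence over Expires
        lifetime = int(attrs["max-age"])
    elif "expires" in attrs:
        expires = parsedate_to_datetime(attrs["expires"])
        lifetime = int((expires - now).total_seconds())
    return {"name": name, "domain": attrs.get("domain"),
            "type": "session" if lifetime is None else "persistent",
            "lifetime_days": None if lifetime is None else lifetime // 86400,
            "secure": "secure" in attrs, "httponly": "httponly" in attrs,
            "content": classify_value(value)}

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(audit_cookie(header, datetime.now(timezone.utc)))
```

A result of "opaque" does not prove encryption; it only means the value is not trivially readable, so the encryption method still has to be confirmed against the application.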