When proceeding with a penetration test, you must specifically authorize access for X party to conduct Y testing on your network. You should lay out in detail what the test will and will not include: when it will be done, what systems they will attempt to breach, and what indicators will be used to prove the breach. This will protect both you and the pen testing company in case something happens during the test or in the future. If a report showing exactly how they breached your network was released to an outside party and they …
If your HQ is in Indiana, but the Internet ingress you want them to attack is located in California and the person doing the work is in New Jersey, you may have multiple state laws that need to be taken into account. Even though the ingress is in California, they may be touching computers at the HQ via the network. Each state may or may not have laws regarding accessing a network via a hack. No matter how you look at it, this is a forced entry into a company's network; yes, you asked them to do it, but they still must abide by the law or ensure that they have proper documentation from you, the company, in this regard. This becomes even more of an issue if you or they are located in another