Penetration Testing mailing list archives
Re: Screening Process
From: Pete Herzog <lists () isecom org>
Date: Mon, 20 Apr 2009 17:19:24 +0200
Hi,
Has anyone ever tried penetration testing on the Screening & Hiring Process for employing new staff in your organisation? Do you have any sample test plans you used?
Years ago we offered a tool called Jack of All Trades on the ISECOM website that gave multiple scenarios for the candidate to think through. The types of results the candidate gave were indicative of the type of tester they would be. For example, did they only pick the obvious answers and stop or did they think outside the box? Did they know technical details or did they stick to pedestrian descriptions? And did they communicate effectively whether they knew the answers or not? We offered Jack as a hiring tool in the office and then reworked it and integrated it into the OPST and OPSA courses as exercises to get students thinking critically and creatively. In many places the OPST and OPSA are benchmarks of ability to test but the Jack exercises may still be useful in the hiring process. Of course, if you meant actually testing the HR department's hiring process as in sending a person through the interview to see how much info you can glean from them well then you should check out the Human Security testing portion of the OSSTMM. The updated "Jack" here: www.isecom.org/Jack_of_All_Trades.v2.pdf OSSTMM here: www.osstmm.org Sincerely, -pete. ------------------------------------------------------------------------ This list is sponsored by: InfoSec InstituteTired of using other people's tools? Why not learn how to write your own exploits? InfoSec Institute's Advanced Ethical Hacking class teaches you how to write stack and heap buffer overflow exploits for Windows and Linux. Gain your Certified Expert Penetration Tester (CEPT) cert as well.
http://www.infosecinstitute.com/courses/advanced_ethical_hacking_training.html ------------------------------------------------------------------------
Current thread:
- Screening Process iadcc (Apr 17)
- Re: Screening Process Stephen Mullins (Apr 18)
- Re: Screening Process Pete Herzog (Apr 21)
- <Possible follow-ups>
- Re: Screening Process darren . comeau (Apr 21)