Specifications include, but are not limited to: Penetration testing is the process of identifying security vulnerabilities in a system or network so they can be remediated. The penetration tests play a vital role in finding and patching security flaws. The penetration tester vendor will be responsible for up to forty (40) enrolled companies in the CyberSafe Hawaii Program and finding their security vulnerabilities, including determining which penetration testing method(s) is/are best suited to the situation. Vendor shall work with enrolled companies using the process of penetration testing to find each enrolled company’s cyber-security vulnerabilities. The following steps shall be included in the penetration testing exercises: 2.2.1 Planning: The planning phase focuses on assessing risk and documenting a testing plan. Vendor shall work with enrolled companies to identify the assets they need to protect, inventorying information technology systems (including cloud services and mobile devices) and identifying the highest risk systems. Penetration testing shall be at minimum performed on the highest risk systems, though medium and low risk systems may be included time permitting. A test plan, including attack strategy, must be documented and approved by an authorized representative of the enrolled company...
