Before Penetration Setting

Prior to a penetration test...

Getting permission
A discussion with the client establishes the following:
1. The type of penetration test
a. physical access or just remote access?
b. social engineering allowed?
c. covert or overt
2. Rules of Engagement
a. What is off limits
b. Threat model (insider threat, ex-employee, outsider,
c. Specified targets
3. Timeline
4. What to expect from the report