When conducting a penetration test of an IT system, an organization should be MOST concerned with:
the confidentiality of the report.
finding all possible weaknesses on the system.
restoring all systems to the original state.
logging all changes made to the production system.

All suggested items should be considered by the system owner before agreeing to penetration tests,
but the most important task is to be able to restore all systems to their original state. Information
that is created and/or stored on the tested systems should be removed from these systems. If for
some reason, at the end of the penetration test, this is not possible, all files (with their location)
should be identified in the technical report so that the client’s technical staff will be able to remove
these after the report has been received.