A company hires a cybersecurity professional to perform penetration tests to assess government regulation compliance. Which legal document should be provided to the cybersecurity professional that specifies the expectations and constraints, including quality of work, timelines, and cost?
- statement of work (SOW)
- service-level agreement (SLA)
- non-disclosure agreement (NDA)
- master service agreement (MSA)
Explanation & Hint: A service-level agreement (SLA) is a well-documented expectation or constraint related to one or more of the penetration testing service’s minimum and maximum performance measures (such as quality, timeline, and cost). |