As the CIO/CISO, the main differences that distinguish an ethical hacker from an attacker is that the ethical hacker signs an agreement with you and your organization. The ethical hacker follows the agreement and does not exceed the limit of his authorization. They should maintain confidentiality and follow ethical standards at all times. Based on these rules of engagement, discuss the three phases of the security assessment: scoping the assessment, performing the assessment, and post-assessment activities. Identify the activities for each phase and challenges that the ethical hacker might face in each step for your organization.