Re: Insurance

["David Wray" <davew () sec-tec com>]

HI Lisa

In our experience (In the UK at least), the Insurance side of pen testing is
much like the Legal side, i.e. you have to patiently explain to someone
that's never heard of pen testing what you do, why you do it, who you do it
for, the pitfalls of pen testing, the likely outcome, expected turnover etc
etc. We have also had to show our working practises, how we update the
testing, the CVs of the testers, our contracts etc etc.

Our "You missed something and we've been hacked" insurance is covered under
our Professional Indemnity insurance, as is our "You've just killed our
e-commerce platform and it won't restart" insurance. In my experience, it's
the experience and time served by your testing team that seems to have the
biggest swing on premiums. How much cover you get is a good question, it's
never enough!


Regards

Dave Wray
Sec-Tec Ltd
www.sec-tec.co.uk

----- Original Message -----
From: "Lisa Dokes" <securitylists () hotmail com>




________________________________________________________________________
Sec-Tec Ltd, CLAS Government listed specialists in information security professional services. Visit 
http://www.sec-tec.co.uk for more information on our services. This e-mail has been scanned for possible virus 
contamination. However, we recommend that all recipients also scan this message.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/