Penetration Testing mailing list archives
Re: Insurance
From: Howard518 () aol com
Date: Wed, 27 Nov 2002 17:52:43 -0500
Whilst the Company wants assessments and Penetration tests, It's down to the Supplier providing the Service of penetration testing to make sure that the client sees a Conformity Letter stating that whilst the Supplier is providing the penetrations tests the supplier will not be liable for any acts towards the systems they are pen - testing. The client must sign this as part of the proposal deal, if they don't it's down to the supplier if they want to proceed with the assessment knowing they could be liable. As we all know even when not attaching any testing equipment or even touching the infrastructure, the client will always point the finger at you when something goes wrong. Big Blue when generating proposals make sure that the client signs a non disclosure and "get out of jail free letter" in case of problems such as penetration( Hacking) testing ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Insurance Lisa Dokes (Nov 26)
- Re: Insurance David Wray (Nov 27)
- Re: Insurance mis (Nov 27)
- <Possible follow-ups>
- Insurance Parisi, Robert (Nov 26)
- RE: Insurance SDuffy (Nov 26)
- Re: Insurance Tom (Nov 27)
- Re: Insurance Howard518 (Nov 28)
- Re: Insurance David Wray (Nov 27)