Penetration Testing mailing list archives
RE: Insurance
From: SDuffy () NCIINC com
Date: Tue, 26 Nov 2002 14:23:06 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I would say first cover yourself with loads of permissions! Make sure you have a point of contact that knows what you are doing from the company your testing. Have a waiver stating that services or systems may become damaged during a pen-test or if they are unwilling to let you "go at it" look at limiting your scope. Also, make sure the company is proactive and have current backups of everything before you begin your test. It's much easier to recover when everything is current. TEST THE BACKUPS!!! The insurance should cover the after effects. "Errors and Omissions" coverage for starters. Also, see if you can be Bonded before you go and buy insurance. Bonding is for a specific job and is far cheaper than keeping yourself covered when you are not testing. Hope this helps. - -- Shawn Duffy, CISSP GCIH Principle Security Analyst NCI Information Systems, Inc. McLean, VA 22102 http://www.nciinc.com - -----Original Message----- From: Lisa Dokes [mailto:securitylists () hotmail com] Sent: Monday, November 25, 2002 1:29 PM To: pen-test () securityfocus com Subject: Insurance Folks: When conducting a vulnerability assessment or pentration test for a client, what type of liability insurance do most of you have? I'd really appreciate some pointers on who to buy insurance from, and what type of policy I'm askinf for. Any additional expereinces you folks could share with me on insurance would be much appreciated. Thanks! Lisa _________________________________________________________________ STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail - ---------------------------------------------------------------------- - ------ This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ -----BEGIN PGP SIGNATURE----- Version: PGP 7.1 iQA/AwUBPePK3M9b0XjZv5u0EQKKjQCgw9hB+5oO0IQW9j9iW8+aj9HVTW8An0QC CZa8XIIRzso5wDJousA2nHoL =hWGk -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Insurance Lisa Dokes (Nov 26)
- Re: Insurance David Wray (Nov 27)
- Re: Insurance mis (Nov 27)
- <Possible follow-ups>
- Insurance Parisi, Robert (Nov 26)
- RE: Insurance SDuffy (Nov 26)
- Re: Insurance Tom (Nov 27)
- Re: Insurance Howard518 (Nov 28)
- Re: Insurance David Wray (Nov 27)