Pen-Test requirements

[bigsteff_itsec () yahoo com]

I am chartered with having a connection pen-tested. I'm trying to 
determine the requirements for a statement of work for outsourcing.

The objective of the pen-test is to validate technical controls that 
prevent unauthorized access to and from our network.

Does anyone have a standard SOW for this type of testing?


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------