Re: What is your policy on customers participating in a pen test?

From: Meritt James (meritt_jamesat_private)
Date: Tue Jun 19 2001 - 14:25:18 PDT


    I have performed such with a representative present (but no touch).  The
    better for at-the-time "Do you want me to...?"  (I did ask, they said
    "NO!!!!!!!").  There is a chance of them terminating your test prior to
    when YOU would, so watch the contractual conditions.  Helps with the
    "Get out of jail free" if a rep is on hand...
    
    V/R
    
    Jim
    
    Joe Klein wrote:
    > 
    > All:
    > 
    > I am hearing customers request ( and sometimes demand ) that they be part of a
    > pen test.
    > 
    > Currently, we offer the customer 4 - 8 hours of time to review findings and show
    > them what we did, to access their systems. But we do this after the pen test is
    > complete.
    > 
    > I was wondering how other companies deal with this issue?
    > 
    > J
    
    -- 
    James W. Meritt, CISSP, CISA
    Booz, Allen & Hamilton
    phone: (410) 684-6566
    


