Hi Lisa,

In our experience (in the UK at least), the Insurance side of pen testing is much like the Legal side, i.e. you have to patiently explain to someone that's never heard of pen testing what you do, why you do it, who you do it for, the pitfalls of pen testing, the likely outcome, expected turnover etc. etc. We have also had to show our working practices, how we update the testing, the CVs of the testers, our contracts etc. etc.

Our "You missed something and we've been hacked" insurance is covered under our Professional Indemnity insurance, as is our "You've just killed our e-commerce platform and it won't restart" insurance.

In my experience, it's the experience and time served by your testing team that seems to have the biggest swing on premiums.

How much cover you get is a good question, it's never enough!

Regards

Dave Wray
Sec-Tec Ltd
www.sec-tec.co.uk

----- Original Message -----
From: "Lisa Dokes" <securitylistsat_private>
This archive was generated by hypermail 2b30 : Tue Nov 26 2002 - 16:24:18 PST