-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I would say first cover yourself with loads of permissions! Make sure you have a point of contact that knows what you are doing from the company you're testing. Have a waiver stating that services or systems may become damaged during a pen-test or if they are unwilling to let you "go at it" look at limiting your scope. Also, make sure the company is proactive and have current backups of everything before you begin your test. It's much easier to recover when everything is current. TEST THE BACKUPS!!!

The insurance should cover the after effects. "Errors and Omissions" coverage for starters. Also, see if you can be Bonded before you go and buy insurance. Bonding is for a specific job and is far cheaper than keeping yourself covered when you are not testing.

Hope this helps.

- --
Shawn Duffy, CISSP GCIH
Principle Security Analyst
NCI Information Systems, Inc.
McLean, VA 22102
http://www.nciinc.com

- -----Original Message-----
From: Lisa Dokes [mailto:securitylistsat_private]
Sent: Monday, November 25, 2002 1:29 PM
To: pen-testat_private
Subject: Insurance

Folks:

When conducting a vulnerability assessment or penetration test for a client, what type of liability insurance do most of you have? I'd really appreciate some pointers on who to buy insurance from, and what type of policy I'm asking for. Any additional experiences you folks could share with me on insurance would be much appreciated.

Thanks!
Lisa

- ----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPePK3M9b0XjZv5u0EQKKjQCgw9hB+5oO0IQW9j9iW8+aj9HVTW8An0QC
CZa8XIIRzso5wDJousA2nHoL
=hWGk
-----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Sat Nov 30 2002 - 05:01:12 PST