RE: Insurance

From: SDuffyat_private
Date: Tue Nov 26 2002 - 11:23:06 PST


     
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    I would say first cover yourself with loads of permissions!  Make
    sure you have a point of contact that knows what you are doing from
    the company you're testing.  Have a waiver stating that services or
    systems may become damaged during a pen-test, or if they are unwilling
    to let you "go at it", look at limiting your scope.
    
    Also, make sure the company is proactive and has current backups of
    everything before you begin your test.  It's much easier to recover
    when everything is current.  TEST THE BACKUPS!!!
    
    The insurance should cover the after effects.  "Errors and Omissions"
    coverage for starters.
    Also, see if you can be Bonded before you go and buy insurance. 
    Bonding is for a specific job and is far cheaper than keeping
    yourself covered when you are not testing.
    
    Hope this helps.
    
    - --
    Shawn Duffy, CISSP GCIH
    Principal Security Analyst
    NCI Information Systems, Inc.
    McLean, VA 22102
    http://www.nciinc.com
    
    
    
    
    
    - -----Original Message-----
    From: Lisa Dokes [mailto:securitylistsat_private]
    Sent: Monday, November 25, 2002 1:29 PM
    To: pen-testat_private
    Subject: Insurance
    
    
    Folks:
    
    When conducting a vulnerability assessment or penetration test for a
    client, what type of liability insurance do most of you have?  I'd
    really appreciate some pointers on who to buy insurance from, and
    what type of policy I'm asking for.
    
    Any additional experiences you folks could share with me on insurance
    would be much appreciated.
    
    Thanks!
    
    Lisa
    
    
    
    
    
    
    
    - ----------------------------------------------------------------------
    - ------
    This list is provided by the SecurityFocus Security Intelligence
    Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities
    please see:
    https://alerts.securityfocus.com/
    
    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.1
    
    iQA/AwUBPePK3M9b0XjZv5u0EQKKjQCgw9hB+5oO0IQW9j9iW8+aj9HVTW8An0QC
    CZa8XIIRzso5wDJousA2nHoL
    =hWGk
    -----END PGP SIGNATURE-----
    
    



    This archive was generated by hypermail 2b30 : Sat Nov 30 2002 - 05:01:12 PST