RE: Insurance

From: SDuffy@NCIINC.com
Date: Tue Nov 26 2002 - 14:23:06 EST


 

I would say first cover yourself with loads of permissions! Make
sure you have a point of contact that knows what you are doing from
the company you're testing. Have a waiver stating that services or
systems may become damaged during a pen-test, or if they are unwilling
to let you "go at it", look at limiting your scope.

Also, make sure the company is proactive and has current backups of
everything before you begin your test. It's much easier to recover
when everything is current. TEST THE BACKUPS!!!

The insurance should cover the after effects. "Errors and Omissions"
coverage for starters.
Also, see if you can be Bonded before you go and buy insurance.
Bonding is for a specific job and is far cheaper than keeping
yourself covered when you are not testing.

Hope this helps.

--
Shawn Duffy, CISSP GCIH
Principal Security Analyst
NCI Information Systems, Inc.
McLean, VA 22102
http://www.nciinc.com

-----Original Message-----
From: Lisa Dokes [mailto:securitylists@hotmail.com]
Sent: Monday, November 25, 2002 1:29 PM
To: pen-test@securityfocus.com
Subject: Insurance

Folks:

When conducting a vulnerability assessment or penetration test for a
client, what type of liability insurance do most of you have? I'd
really appreciate some pointers on who to buy insurance from, and
what type of policy I'm asking for.

Any additional experiences you folks could share with me on insurance
would be much appreciated.

Thanks!

Lisa


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/




