Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Papers prior to pen-test

from [Bud Gordon] Network Security [Permanent Link]
Subject: RE: Papers prior to pen-test
Date: Tue, 19 Sep 2006 17:06:33 -0400 
I am no lawyer, but how about this?

Memorandum for File

Subject: Information Technology Security Testing Authorization

Date: MMDDYY

To properly secure its information technology assets, the <Company> is
required to assess its security stance periodically by conducting
information security testing.  These activities involve testing
<Company> computer systems to discover vulnerabilities present on these
systems. Only with knowledge of these vulnerabilities can the <Company>
apply security fixes or other compensating controls to improve the
security of the <Company> information infrastructure.

It is understood that information security testing involves manipulating
system processes and services, and that this process may cause a host to
become unstable.  Even though the likelihood of a system failure is
small, critical or sensitive data should be backed up prior to testing.

The purpose of this memo is to grant authorization <pen tester> to
conduct security testing of the <Company>'s assets.  To that end, the
undersigned attests to the following:

1) The personnel named below have permission to scan / test the
<Company>'s computer equipment to find vulnerabilities.  This permission
is granted for from [date] until [date]. 

2) <CIO> has the authority to grant this permission for testing the
organization's Information Technology assets.

Bud


-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Maxime Ducharme
Sent: Tuesday, September 19, 2006 11:47 AM
To: pen-test@securityfocus.com
Subject: Papers prior to pen-test


Hello guys

I'm looking for examples of a kind of "contract" prior
to a pen-test, I mean writing down responsabilities
for each parties before doing a pen-test in case anything
goes wrong.

Any ideas ?

TIA
 
Maxime Ducharme



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------




------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  White paper release: Bypassing network access control (NAC) systems, Ofir Arkin
Next by Date:  RE: Re: Penetration Testing work effort, Herb Steck
Previous by Thread:  Papers prior to pen-test, Maxime Ducharme
Next by Thread:  RE: Papers prior to pen-test, jgervacio
Indexes:  [Date] [Thread] [Top] [All Lists]