RE: Starting up: What contracts, agreements, waivers, etc do you use?

From: Martin Murray-Brown (Martin.Murray-Brown_at_derivco.com)
Date: 06/22/04

    Date: Tue, 22 Jun 2004 08:50:08 +0200
    To: <pen-test@securityfocus.com>

    Hi all,

    In helping set up the documentation for our new security testing team,
    we found the OSSTMM manual very helpful... specifically the rules of
    engagement.
    Take a look here... http://www.isecom.org/osstmm/

    -----Original Message-----
    From: Yonatan Bokovza

    We usually sign Non-Disclosure Agreements, so the client is assured his sensitive information is safe with us.
    The client also signs a legal paper saying we take no responsibility for any loss that occurs due to the penetration test, though we promise to do our best to minimize it.
    As for the liability issue you mentioned, I know there are insurance solutions for that.

    Regards,
    Yonatan Bokovza
    Senior IT Security Consultant, CISSP
    Xpert Systems


            -----Original Message-----
            From: anonyguard-pentest@yahoo.com

            Hello, everyone. I'm looking at the possibility of
            striking out on my own with a network vulnerability
            assessment / penetration test consulting firm. My
            question is more towards the administrative side of the
            business, rather than the technical. For those of you
            who do this kind of consulting, what sorts of contracts,
            statements of work or other legal documents do you use
            with your customers? I'm particularly concerned about
            the liability issue of probing and/or breaking into
            other peoples' networks. What sort of waivers do you
            ask your customers to sign, or what reasonable amount
            of liability are you willing to accept?

