RE: Papers prior to pen-test



I am no lawyer, but how about this?

Memorandum for File

Subject: Information Technology Security Testing Authorization

Date: MMDDYY

To properly secure its information technology assets, the <Company> is
required to assess its security stance periodically by conducting
information security testing. These activities involve testing
<Company> computer systems to discover vulnerabilities present on these
systems. Only with knowledge of these vulnerabilities can the <Company>
apply security fixes or other compensating controls to improve the
security of the <Company> information infrastructure.

It is understood that information security testing involves manipulating
system processes and services, and that this process may cause a host to
become unstable. Even though the likelihood of a system failure is
small, critical or sensitive data should be backed up prior to testing.

The purpose of this memo is to grant authorization to <pen tester> to
conduct security testing of the <Company>'s assets. To that end, the
undersigned attests to the following:

1) The personnel named below have permission to scan / test the
<Company>'s computer equipment to find vulnerabilities. This permission
is granted from [date] until [date].

2) <CIO> has the authority to grant this permission for testing the
organization's Information Technology assets.

Bud


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Maxime Ducharme
Sent: Tuesday, September 19, 2006 11:47 AM
To: pen-test@xxxxxxxxxxxxxxxxx
Subject: Papers prior to pen-test


Hello guys

I'm looking for examples of a kind of "contract" prior
to a pen-test, I mean writing down responsibilities
for each party before doing a pen-test in case anything
goes wrong.

Any ideas?

TIA

Maxime Ducharme



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------



