Re: Security Consultants
From: White Hat (nope@non.com)
Date: 02/25/03
From: "White Hat" <nope@non.com> Date: Mon, 24 Feb 2003 16:33:14 -0700
Nothing against Hackers4Hire (or National Computer Security Company as
seems to be the company name), but you might want to take a good close look
at them first. One must keep in mind that if anything, digital security
companies must produce credentials at the same or higher level than Physical
security companies. Would Lockheed-Martin hire "Billy Bob's Security and
Janitor Service" or any one of the companies listed at Google's web
directory...
http://directory.google.com/Top/Business/Business_Services/Security/Consultants/
Now, this is a good concept with Hackers4Hire, but one must really consider
the complete depth of what is at stake. They certainly serve a niche of the
market, and they are the ONLY company I have seen that does so, but are they
right for your company? You have to ask yourself: will utilizing only their
services live up to exercising Due-Care for your clients? If they fall
short and you get breached and are found to be liable to others, will it
have been worth it?
Hackers4Hire has an interesting D-N-D agreement:
** copied from http://www.hackers4hire.com/Info/Report.htm, please see their
site for actual content, as this may have changed since I posted it **
=============================
Do-Not-Disclose Agreement
For the Web based attack
Using only your URL, we analyze and overcome your security measures.
By ordering the "Web Based Attack" service this becomes a legal agreement
between you (either an individual or a single entity) and the National
Computer Security Company and / or its Sub-Contractors (herby referred to as
"NCSC"). NCSC Herby affirms that any information attained by part of the
"Web Based Attack" service, either physical or informative in nature, shall
not be retained or disclosed for any reason. If NCSC is found to violate
this agreement, you may seek punitive damages not exceeding $500.00 (Five
hundred United States Dollars) per incident, to be mediated in a Municipal
Court in the State of Colorado.
==============================
$500 per incident? You must be joking...many larger companies pay that much
to take Security Consultant vendors to lunch while negotiating contracts.
Now for smaller setups, Mom-and-Pop.com, this might be great. If Uncle Joe
is selling fly-fishin-lures at $2.95 a pop and gets cracked (and you can
trace it to their abuse), then that's a great D-N-D agreement. In my
opinion, if a Security consultant gives up the goods on my network and I get
cracked, they are getting sued for everything they are worth times 10.
Think 'bonded'. Would you hire a guy who works out of the back of his truck
as a locksmith to re-key your building?
Gerry, please take a careful look at the scope of your organization and
web-presence, and find an appropriately equivalent Security vendor. If
Hackers4Hire.com falls in that range, outstanding. But if not, keep
looking.
"Gerry Schneider" <ASears00@hotmail.com> wrote in message
news:26b0ea6.0302232238.1027b07@posting.google.com...
> Thanks I've scheduled with Hackers4Hire.com, I'll let you know how it goes.
>
> Gerry