Re: Insurance

From: David Wray (davew@sec-tec.com)
Date: Tue Nov 26 2002 - 12:57:29 EST


HI Lisa

In our experience (In the UK at least), the Insurance side of pen testing is
much like the Legal side, i.e. you have to patiently explain to someone
that's never heard of pen testing what you do, why you do it, who you do it
for, the pitfalls of pen testing, the likely outcome, expected turnover etc
etc. We have also had to show our working practises, how we update the
testing, the CVs of the testers, our contracts etc etc.

Our "You missed something and we've been hacked" insurance is covered under
our Professional Indemnity insurance, as is our "You've just killed our
e-commerce platform and it won't restart" insurance. In my experience, it's
the experience and time served by your testing team that seems to have the
biggest swing on premiums. How much cover you get is a good question, it's
never enough!

Regards

Dave Wray
Sec-Tec Ltd
www.sec-tec.co.uk

----- Original Message -----
From: "Lisa Dokes" <securitylists@hotmail.com>

________________________________________________________________________
Sec-Tec Ltd, CLAS Government listed specialists in information security professional services. Visit http://www.sec-tec.co.uk for more information on our services. This e-mail has been scanned for possible virus contamination. However, we recommend that all recipients also scan this message.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:25 EDT