Home page logo

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] "Get out of Jail Free"
From: Gregory Luckman <g.luckman () E-SECURE COM AU>
Date: Wed, 1 Nov 2000 11:10:09 +1100

Ensure that the CIO is easily available by phone for conformation during the
audit.  The intelligent integrator will assume that the letter is just a social
engineering attempt, and you don't want to be detained for a few hours until the
CIO is out of a meeting.


Quoting "Gallicchio, Florindo (2007)" <florindo.gallicchio () ESAVIO COM>:

In other words, the contract itself has the legal wording that gives us
permission to do the security assessment, and we get a separate document
our auditors to carry with them when they're doing the social
engineering/physical penetration test portion.  A clearly written
authorization letter from the client's CIO does the trick.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]