1.3. Legal and Procedural Issues
International law applicable to security testing is covered in Appendices A and B. However, this overview should at least get you thinking about the legal issues you need to take into consideration.
Most clients expect – and rightly so – a penetration team to be insured before they even consider hiring them. Although I'm not going to point you in the direction of any particular insurance providers, you must possess errors and omissions coverage, at a minimum. The coverage required varies from region to region and is governed by rules laid out in specific jurisdictions.
Indemnity insurance is highly recommended. Insurance companies may want to know a little about your team members before signing off a policy. Such information could include medical backgrounds and almost certainly will include details of criminal offences (i.e. they expect to find none) as well as professional histories. None of this should be a concern because you performed background vetting on your team prior to hiring them. (Didn't you?)
When hiring a penetration testing team, be sure they are insured. This will help ensure that necessary background tests have been performed on the team you hire to access what could be private information.
1.3.1. Security Clearances
When performing penetration tests of any kind for either central government or the military, team members need to hold security clearances. The following information is specific to the United Kingdom although the ...