Penetration Testing - Trust and Hiring

security windows linux audit

Pay one of the big companies to do it - it doesn't prevent that kind of thing from happening but you do get a degree of protection by doing so.


Basically, what steps should be taken when giving someone legal rights to hack-test your systems and network?

Have your company lawyer draw up a contract that takes away the reproductive organs of the contractor should they do anything shady with the data they acquire.
Such contracts usually include work-product clauses, non-disclosure agreements, and (to protect the contractor) an acknowledgement by your company that the penetration test is authorized and may result in outages/data loss.

Beyond that, a background check is a good start if you're hiring an individual.
If you know people in the pen-testing field you can always hire your friends (whom you presumably trust), otherwise hiring a large company like Chopper3 suggested is always an option (but be aware that many of these companies hire "reformed black-hats" because those are the folks with the skills).

Related

Capture network traffic simultaneously on three interfaces
How can I remount an NFS volume on Red Hat Linux?
Windows: How do I add a program to the system's path environmental variable from the command line?
Ubuntu - Supervisord and virtualenv
Rolling update with puppet, ansible or fabric
how to delete single nginx cache file?
What is the best way to see objects attributes in Active Directory?
Is it possible to audit the Amazon AWS console?
User not in sudoers, but still can use sudo
How to enable swap with salt stack?
What happens when DC cannot reach external time server?
Why does Chrome on 1 computer say my certificate is invalid/insecure? [duplicate]