Comment by austinheap
6 years ago
You're 100% correct. Having done multiple red teams I would never attempt to break into a building without 1) the CEO on call, 2) a notarized statement of work identifying my and the client's identity, and 3) notarized authorization from the landlord.
If a client refuses any of these then the physical pillar is quite simply off the table.
If the "physical pillar" is off the table, would you really feel confident giving any sort of certification of security?
Kinda like a mechanic saying "I checked the brakes, this car will definitely go for 100k miles without a breakdown"