When you hire someone or a business to come in, how can you be sure they won't have a rogue employee who will backdoor your systems? Is there a way you can trust anyone? How do big corporations do it? It seems that, with so many possible openings, the chance of someone going rogue is very real.
Is it best to look into doing it yourself? Do you hire your own team so you can have a trust relationship?
Basically, what steps should be taken when giving someone legal rights to hack-test your systems and network?
Pay one of the big companies to do it - it doesn't prevent that kind of thing from happening but you do get a degree of protection by doing so.
Basically, what steps should be taken when giving someone legal rights to hack-test your systems and network?
Have your company lawyer draw up a contract that takes away the reproductive organs of the contractor should they do anything shady with the data they acquire.
Such contracts usually include work-product clauses, non-disclosure agreements, and (to protect the contractor) an acknowledgement by your company that the penetration test is authorized and may result in outages/data loss.
Beyond that, a background check is a good start if you're hiring an individual.
If you know people in the pen-testing field you can always hire your friends (whom you presumably trust); otherwise, hiring a large company as Chopper3 suggested is always an option (but be aware that many of these companies hire "reformed black-hats" because those are the folks with the skills).
More or less the same way you'd evaluate any firm offering your company critical services - your same question could be put to lawyers, accountants, auditors, janitors, etc. Part of the selection process should involve reference checking (including criminal checks for employees) and confirmation that the appropriate levels of bonding and insurance are in place. A D&B (credit check) will also give a sense of how established the business may be. Finally, the nature of the contract between your company and your pen tester can define terms and penalties. Even with all of this, it's important to make sure your business has appropriate levels of the right types of insurance - this is precisely the kind of thing that COOs and CFOs are supposed to be figuring out.
When hiring a penetration tester:
Here's a guide to hiring penetration testers. Enjoy.