RE: How to Tackle the Legal Tangle?
From: Steve (steve@securesolutions.org)Date: 09/10/01
- Previous message: Nathan Catlow: "Re: White Hat Hacking / Security Training in the UK"
- In reply to: Dan Ryan: "RE: How to Tackle the Legal Tangle?"
- Next in thread: Dom De Vitto: "RE: How to Tackle the Legal Tangle?"
- Next in thread: Sameer Saxena: "Re: How to Tackle the Legal Tangle?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-Id: <5.1.0.14.0.20010910162805.01cba658@www.securesolutions.org> Date: Mon, 10 Sep 2001 16:33:36 -0400 To: DanRyan@DanJRyan.com (Dan Ryan), <pen-test@securityfocus.com> From: Steve <steve@securesolutions.org> Subject: RE: How to Tackle the Legal Tangle?
I agree with Dan.
Most organizations will have spent the money to have a "Standard Terms &
Conditions" or "Letter of Understanding" drafted that can be attached to
proposals and used as a get out of jail free card. In general, I will not
start any work for a client, even if it is not a Pen-Test before they have
signed this document. This accomplishes two things (if the document is
drafted properly) it commits the clients to my proposal (and fees) and it
shows that the client accepts the dangers of performing certain
tasks. Also, be sure that the person signing the document is an authorized
signing agent for the client in question.
Its a pain in the ass, and lawyers are expensive but make sure that you
lawyer knows that you want the document to be general enough that you can
use it for any client with little modification.
Regards;
Steve Manzuik
Moderator - VulnWatch
www.vulnwatch.org
At 12:12 PM 10/09/2001 -0400, Dan Ryan wrote:
>Contracting for penetration testing is complex and, if not done with the
>assistance of expert counsel, can leave you at serious risk. Find a lawyer
>who understands both contracts and cyberlaw and listen carefully to his or
>her advice. This is no place for do-it-yourself.
>
>Daniel J. Ryan
>Attorney at Law
>
>-----Original Message-----
>From: Biju Mukund [mailto:bmukund@mielesecurity.com]
>Sent: Monday, September 10, 2001 12:14 AM
>To: pen-test@securityfocus.com
>Subject: How to Tackle the Legal Tangle?
>
>
>There is a lot of confusion on the Legal Documents that we need to sign and
>protect ourselves (I.e Pen Testing Company)before we accept a Assignment.
>Consultants and legal 'experts' dump loads of papers which no one really
>understands.
>Is any one aware of a web resource where one can find all/some documents
>which we might use before and after Pen-testing assignment?
>Or is there some one who can guide us on "How to Tackle the Legal Tangle?"
>
>Regards
>Biju Mukund
>
>BS 7799 Certified Auditor
>MIEL e-Security Pvt. Ltd
>bmukund@mielesecurity.com
>www.mielesecurity.com
>
>----------------------------------------------------------------------------
>This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
>Service. For more information on SecurityFocus' SIA service which
>automatically alerts you to the latest security vulnerabilities please see:
>https://alerts.securityfocus.com/
>
>
>
>----------------------------------------------------------------------------
>This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
>Service. For more information on SecurityFocus' SIA service which
>automatically alerts you to the latest security vulnerabilities please see:
>https://alerts.securityfocus.com/
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
- Previous message: Nathan Catlow: "Re: White Hat Hacking / Security Training in the UK"
- In reply to: Dan Ryan: "RE: How to Tackle the Legal Tangle?"
- Next in thread: Dom De Vitto: "RE: How to Tackle the Legal Tangle?"
- Next in thread: Sameer Saxena: "Re: How to Tackle the Legal Tangle?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
