Re: Help with legal document - network probing agreementFrom: Steve (email@example.com)
- Previous message: Kinsey, Robert: "RE: Security"
- In reply to: Robert Clark: "RE: Help with legal document - network probing agreement"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 09 Jan 2002 11:21:17 -0700 From: Steve <firstname.lastname@example.org> To: email@example.com
If there is anything I am in the process of learning the hard way, GET
YOUR CONTRACTS CREATED/REVIEWED BY A LAWYER.
I know it is costly, but in the long term it will pay for itself.
Besides, you should be able to re-coup these costs with your billings.
Robert Clark wrote:
> I would consult with a corporate attorney, preferably one specializing
> in your particular expertise.
> > -----Original Message-----
> > From: dumbwabbit [mailto:firstname.lastname@example.org]
> > Sent: Sunday, January 06, 2002 3:08 PM
> > To: email@example.com
> > Subject: Help with legal document - network probing agreement
> > Hi all.
> > I'm trying to become more involved with infosec as it
> > pertains to independent consulting, network auditing,
> > security advisor status etc. I have worked as CSO/MIS
> > for a mid-sized firm for the last 2 years, and a small
> > company for 3 years before that.
> > My current job function at my full-time position
> > involves extensive testing, probing, monitoring,
> > implementing and researching network security.
> > I have 2 friends who own ISPs (in partnership with
> > others), and we have been discussing the possibilities
> > of their using my services as an independent security consultant.
> > What I need help with is information on how to compose
> > valid legal documents which allow me to act in this
> > capacity for them. I have no legal background to speak
> > of, and we all want to make sure that we are covered
> > in this aspect before we commence security analysis.
> > We just want to make sure that we cover any potential
> > issues regarding the legalities of my performing these
> > types of network analysis for them.
> > Could anyone on this list possibly provide me with any
> > links to this type of legal document templates,
> > policies, laws and anything else that we may need to
> > know?
> > I have tried searching Google, CERT, SANS and some
> > other sites, but to no avail. Plenty of stuff on
> > internal IT policies etc., but I haven't been able to
> > find anything really specific to independent
> > consulting.
> > I would rather not even run a simple nmap probe etc.
> > on their networks without CYA for all parties
> > involved!
> > Someone suggested to me that simple document stating:
> > "I hereby authorize [consultant] to analyze and probe
> > my networks for potential security issues, with the
> > agreement that any information gathered will be kept
> > strictly confidential amongst the involved parties."
> > And then signed by all involved and notarized. Doesn't
> > seem to be enough to me.
> > Any helpful suggestions MOST appreciated!
> > __________________________________________________
> > Do You Yahoo!?
> > Send FREE video emails in Yahoo! Mail!
> > http://promo.yahoo.com/videomail/