On Fri, 15 Oct 1999, Frank Pawlak wrote:
> I am considering entering the InfoSec field as an independent
> consultant. My question is what kind of legal liabilities are general
> encountered during the course of work? Is there Insurance available,
> like a type of mal-practice insurance?
Personally I just use the ICCA type contract and that's it. I'm sure you
can play both ways, either slip by without any legal back-up, or if you
have the resources, definitely leverage them for added reassurance for the
client. That's what they're wanting is peace-of-mind. I'm not responsible
for the continued functioning of a system after a contract unless it's in
the contract. Just like anything else, N hours programming, X hardware
installed, N hours consulting, etc... not guarantees that you will protect
them from harm forever... I find that the client just needs to "trust you"
in the short-term, only over a long-term relationship can they really get
a feel for the impact you're making on their operations. These guys should
have their own incident insurance, what the hell, a security consultant is
not an insurance broker!
;)
[EMAIL PROTECTED]
http://web.zencor.org/~sol
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
