I am afraid that anyone or any company that would guarantee something like
this is acting in folly. Anyone who would ask for such a thing definitely
does not understand what they are asking. Educate them or walk away.. very
very fast. The science is called Threat management.... Not threat
elimination..... Just like Life and the Lottery, there are no guarantees
you will win. What I can guarantee, is that someone, some time will win the
lottery.... so that blows the deal right?
How is this for a concept.... instead of selling a guarantee that your
network is safe from breach, how about selling them on a service that says
that you will work towards being technically competent and up to date with
all the latest hacker stuff and not do anything stupid, and be available in
case there is a fire they need put out. After all, isn't that why they put
lawyers on retainer?
Yeah right, only a lawyer would be able to sell you on that one.....
-----Original Message-----
From: Sol [mailto:[EMAIL PROTECTED]]
Sent: Saturday, October 16, 1999 3:46 AM
To: Frank Pawlak
Cc: [EMAIL PROTECTED]
Subject: Re: InfoSec Consultant Liability Question
On Fri, 15 Oct 1999, Frank Pawlak wrote:
> I am considering entering the InfoSec field as an independent
> consultant. My question is what kind of legal liabilities are generally
> encountered during the course of work? Is there insurance available,
> like a type of malpractice insurance?
Personally I just use the ICCA type contract and that's it. I'm sure you
can play both ways, either slip by without any legal back-up, or if you
have the resources, definitely leverage them for added reassurance for the
client. That's what they're wanting is peace-of-mind. I'm not responsible
for the continued functioning of a system after a contract unless it's in
the contract. Just like anything else, N hours programming, X hardware
installed, N hours consulting, etc... not guarantees that you will protect
them from harm forever... I find that the client just needs to "trust you"
in the short-term, only over a long-term relationship can they really get
a feel for the impact you're making on their operations. These guys should
have their own incident insurance, what the hell, a security consultant is
not an insurance broker!
;)
[EMAIL PROTECTED]
http://web.zencor.org/~sol
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]