I would consult with a corporate attorney, preferably one specializing in your particular expertise.
> -----Original Message----- > From: dumbwabbit [mailto:[EMAIL PROTECTED]] > Sent: Sunday, January 06, 2002 3:08 PM > To: [EMAIL PROTECTED] > Subject: Help with legal document - network probing agreement > > > Hi all. > > I'm trying to become more involved with infosec as it > pertains to independent consulting, network auditing, > security advisor status etc. I have worked as CSO/MIS > for a mid-sized firm for the last 2 years, and a small > company for 3 years before that. > > My current job function at my full-time position > involves extensive testing, probing, monitoring, > implementing and researching network security. > > I have 2 friends who own ISPs (in partnership with > others), and we have been discussing the possibilities > of their using my services as an independent security consultant. > > What I need help with is information on how to compose > valid legal documents which allow me to act in this > capacity for them. I have no legal background to speak > of, and we all want to make sure that we are covered > in this aspect before we commence security analysis. > We just want to make sure that we cover any potential > issues regarding the legalities of my performing these > types of network analysis for them. > Could anyone on this list possibly provide me with any > links to this type of legal document templates, > policies, laws and anything else that we may need to > know? > I have tried searching Google, CERT, SANS and some > other sites, but to no avail. Plenty of stuff on > internal IT policies etc., but I haven't been able to > find anything really specific to independent > consulting. > I would rather not even run a simple nmap probe etc. > on their networks without CYA for all parties > involved! > Someone suggested to me that simple document stating: > "I hereby authorize [consultant] to analyze and probe > my networks for potential security issues, with the > agreement that any information gathered will be kept > strictly confidential amongst the involved parties." > And then signed by all involved and notarized. Doesn't > seem to be enough to me. > > Any helpful suggestions MOST appreciated! > > > > __________________________________________________ > Do You Yahoo!? > Send FREE video emails in Yahoo! Mail! > http://promo.yahoo.com/videomail/ > >
