Re: Off Topic: Computer Security Contracts

Tue, 19 Jun 2001 22:17:09 -0700 

Thus spake Drew Einhorn:
> While there are many lists specializing in various computer security
> technologies, I haven't been able to find any specializing in the business
> of computer security.  If you know of a better place to ask this question,
> please tell me where.
> 
> I'm starting a computer security consulting business and would appreciate
> seeing examples of whatever contract boilerplate you may have.
> 
> I'm especially interested in sections where the client tells me they don't
> have any medical equipment, life support systems, avionics,
> industrial/laboratory process control equipment, nuclear power plants, ...
> (anything I'm not licensed, certified, can't afford the professional
> liability insurance for, etc) connected to their network.

I'd actually like to know this kind of thing too, since I'm
advertising a managed firewall service, even though I have no
customers currently (aside from for the businesses I run), I don't
actually have a contract of any sort written up.

> Sections analogous to a medical informed consent, where I tell the client
> that if they have a fragile system, it might break and need to be repaired
> in the course of testing and upgrading it's security.  Don't sue me.
> 
> Any other biggies, besides the what I'm going to do, and what it's going to
> cost.  I'd be surprised if the isn't one that I haven't thought of.

You can see what I'm proposing at
http://nakedape.cc/index.php3/managedfw.  I'm postitioning myself
as a fairly low-end service; a simple packet-filter and NAT system,
where I monitor the logs and run some port monitors (to watch for
scans, etc.) and intrusion detection software.  Actually, if you're
going to look at my service description anyway, I'd like opinions or
advice about it.  *shrug*

Wil
-- 
W. Reilly Cooley                           [EMAIL PROTECTED]
Naked Ape Consulting                        http://nakedape.cc
LNXS: Get 0.2.0-devel at http://sourceforge.net/projects/lnxs/
irc.openprojects.net                                     #lnxs

The verdict of a jury is the a priori opinion of that juror who smokes
the worst cigars.
                -- H. L. Mencken

PGP signature

Reply via email to