I suggest that you find a lawyer fast. One who understands technology. Whatever you come up with, you need to make sure that you run it by whatever firm is handling your professional liability insurance.

Oh, don't have professional liability insurance? Better think twice. The corps can afford the legal talent, can you?

Regards,
DRH

-----Original Message-----
From: dumbwabbit [mailto:[EMAIL PROTECTED]]
Sent: Sunday, January 06, 2002 4:08 PM
To: [EMAIL PROTECTED]
Subject: Help with legal document - network probing agreement

Hi all. I'm trying to become more involved with infosec as it pertains to independent consulting, network auditing, security advisor status etc. I have worked as CSO/MIS for a mid-sized firm for the last 2 years, and a small company for 3 years before that. My current job function at my full-time position involves extensive testing, probing, monitoring, implementing and researching network security.

I have 2 friends who own ISPs (in partnership with others), and we have been discussing the possibilities of their using my services as an independent security consultant. What I need help with is information on how to compose valid legal documents which allow me to act in this capacity for them. I have no legal background to speak of, and we all want to make sure that we are covered in this aspect before we commence security analysis. We just want to make sure that we cover any potential issues regarding the legalities of my performing these types of network analysis for them.

Could anyone on this list possibly provide me with any links to this type of legal document templates, policies, laws and anything else that we may need to know? I have tried searching Google, CERT, SANS and some other sites, but to no avail. Plenty of stuff on internal IT policies etc., but I haven't been able to find anything really specific to independent consulting. I would rather not even run a simple nmap probe etc. on their networks without CYA for all parties involved!
Someone suggested to me that a simple document stating: "I hereby authorize [consultant] to analyze and probe my networks for potential security issues, with the agreement that any information gathered will be kept strictly confidential amongst the involved parties." And then signed by all involved and notarized.

Doesn't seem to be enough to me. Any helpful suggestions MOST appreciated!