Don't know if this will help you, but I was looking for some legal stuff recently and got a lot out of the FindLaw site for students. This link is particular to the journals and law reviews that deal with technology. There could be something for you there....
http://stu.findlaw.com/journals/ip_and_cyberspace.html -Laura -----Original Message----- From: dumbwabbit [mailto:[EMAIL PROTECTED]] Sent: Sunday, January 06, 2002 4:08 PM To: [EMAIL PROTECTED] Subject: Help with legal document - network probing agreement Hi all. I'm trying to become more involved with infosec as it pertains to independent consulting, network auditing, security advisor status etc. I have worked as CSO/MIS for a mid-sized firm for the last 2 years, and a small company for 3 years before that. My current job function at my full-time position involves extensive testing, probing, monitoring, implementing and researching network security. I have 2 friends who own ISPs (in partnership with others), and we have been discussing the possibilities of their using my services as an independent security consultant. What I need help with is information on how to compose valid legal documents which allow me to act in this capacity for them. I have no legal background to speak of, and we all want to make sure that we are covered in this aspect before we commence security analysis. We just want to make sure that we cover any potential issues regarding the legalities of my performing these types of network analysis for them. Could anyone on this list possibly provide me with any links to this type of legal document templates, policies, laws and anything else that we may need to know? I have tried searching Google, CERT, SANS and some other sites, but to no avail. Plenty of stuff on internal IT policies etc., but I haven't been able to find anything really specific to independent consulting. I would rather not even run a simple nmap probe etc. on their networks without CYA for all parties involved! Someone suggested to me that simple document stating: "I hereby authorize [consultant] to analyze and probe my networks for potential security issues, with the agreement that any information gathered will be kept strictly confidential amongst the involved parties." And then signed by all involved and notarized. Doesn't seem to be enough to me. Any helpful suggestions MOST appreciated! __________________________________________________ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/