If there is anything I am in the process of learning the hard way, GET YOUR CONTRACTS CREATED/REVIEWED BY A LAWYER.
I know it is costly, but in the long term it will pay for itself. Besides, you should be able to re-coup these costs with your billings. Robert Clark wrote: > I would consult with a corporate attorney, preferably one specializing > in your particular expertise. > > > -----Original Message----- > > From: dumbwabbit [mailto:[EMAIL PROTECTED]] > > Sent: Sunday, January 06, 2002 3:08 PM > > To: [EMAIL PROTECTED] > > Subject: Help with legal document - network probing agreement > > > > > > Hi all. > > > > I'm trying to become more involved with infosec as it > > pertains to independent consulting, network auditing, > > security advisor status etc. I have worked as CSO/MIS > > for a mid-sized firm for the last 2 years, and a small > > company for 3 years before that. > > > > My current job function at my full-time position > > involves extensive testing, probing, monitoring, > > implementing and researching network security. > > > > I have 2 friends who own ISPs (in partnership with > > others), and we have been discussing the possibilities > > of their using my services as an independent security consultant. > > > > What I need help with is information on how to compose > > valid legal documents which allow me to act in this > > capacity for them. I have no legal background to speak > > of, and we all want to make sure that we are covered > > in this aspect before we commence security analysis. > > We just want to make sure that we cover any potential > > issues regarding the legalities of my performing these > > types of network analysis for them. > > Could anyone on this list possibly provide me with any > > links to this type of legal document templates, > > policies, laws and anything else that we may need to > > know? > > I have tried searching Google, CERT, SANS and some > > other sites, but to no avail. Plenty of stuff on > > internal IT policies etc., but I haven't been able to > > find anything really specific to independent > > consulting. > > I would rather not even run a simple nmap probe etc. > > on their networks without CYA for all parties > > involved! > > Someone suggested to me that simple document stating: > > "I hereby authorize [consultant] to analyze and probe > > my networks for potential security issues, with the > > agreement that any information gathered will be kept > > strictly confidential amongst the involved parties." > > And then signed by all involved and notarized. Doesn't > > seem to be enough to me. > > > > Any helpful suggestions MOST appreciated! > > > > > > > > __________________________________________________ > > Do You Yahoo!? > > Send FREE video emails in Yahoo! Mail! > > http://promo.yahoo.com/videomail/ > > > >
