Firewall Wizards mailing list archives
Re: Security clauses for contracts
From: Matt Curtin <cmcurtin () interhack net>
Date: 22 May 2002 17:41:20 -0400
"Scott, Richard" <Richard.Scott () BestBuy com> writes:
1. Alice will provide copies of their security and privacy policies to Bob.
There's an inherent problem here where Bob is hiring Alice for security work that includes policy. That's hardly unheard-of among readers of this list. That is, Bob could just get Alice's policies, and then decide not to go through with the deal, opting instead to model his own policies after "what he's seen around". Solving this problem might be a straightforward matter of signing some kind of letter of intent, and that failure to negotiate security and privacy concerns could nuke the deal.
It is especially important that you state how you want security to be handled internally. Data segregation, data encryption, VPN standards... and more.
Things can get pretty complicated when dealing with various organizations that have different notions of access control. An organization that puts everything into some mandatory access control scheme might have difficulty negotiating protection terms with an organization whose notion of access control is tied to the ability to find stuff in Bob's office. :-) -- Matt Curtin Interhack Corp +1 614 545 HACK http://web.interhack.com/ Author, Developing Trust: Online Privacy and Security (Apress, 2001) Knight, Lambda Calculus | Certum quod factum. --Giovanni Battista Vico _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Security clauses for contracts, (continued)
- Re: Security clauses for contracts Adam Shostack (May 22)
- RE: Security clauses for contracts Fred Kreitzberg (May 21)
- Re: Security clauses for contracts Frederick M Avolio (May 21)
- Re: Security clauses for contracts t (May 23)
- Re: Security clauses for contracts Adam Shostack (May 23)
- Re: Security clauses for contracts Matt Curtin (May 26)
- Re: Security clauses for contracts t (May 23)
- Re: Security clauses for contracts Avishai Wool (May 21)
- Re: Security clauses for contracts R. DuFresne (May 22)
- Re: Security clauses for contracts Dave Piscitello (May 22)
- RE: Security clauses for contracts Scott, Richard (May 22)
- Re: Security clauses for contracts Matt Curtin (May 23)