Firewall Wizards mailing list archives
Off-Topic: Memo of Understanding for Using an Ethical Hacker
From: Bruce Platt <Bruce () ei3 com>
Date: Wed, 25 Aug 2004 17:30:11 -0400
Without starting a huge flaming thread ... Have any of you used a "Memo of Understanding" or "Contract" (shudder) when asked to do some "ethical hacking" for a company on their resources, systems, and networks? I'd like to skip over the topic of Certification for Ethical Hackers and get to the issue of what one might want to include in such a document to protect both oneself and the company. What comes to mind quickly are many of the same sorts of indemnifications, hold-harmless, and liability issues which would apply for a non security related consulting agreement, but with the various sorts of damage which can be done by mistake or carelessness and so forth when asking one to assess a company's security profile, I would think that some of you might have used a document with which you are comfortable in the past, or have a pointer to one. I know what I have done when I was a full-time employee within my own company, but have yet to find a document which seems comfortable for use with an external consultant. (And no, I am not looking to start yet another new career :-) sigh ) Thanks and regards Bruce _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Off-Topic: Memo of Understanding for Using an Ethical Hacker Bruce Platt (Aug 26)
- Re: Off-Topic: Memo of Understanding for Using an Ethical Hacker Kerry Thompson (Aug 27)
- Re: Off-Topic: Memo of Understanding for Using an Ethical Hacker Paul D. Robertson (Aug 28)
- Re: Off-Topic: Memo of Understanding for Using an Ethical Hacker Devdas Bhagat (Aug 28)
- Re: Off-Topic: Memo of Understanding for Using an Ethical Hacker Matt Curtin (Aug 28)