Penetration Testing mailing list archives
Re: [PEN-TEST] Help defining job scope
From: Steven Kastl <skastl () NEOHAPSIS COM>
Date: Thu, 24 Aug 2000 13:09:09 -0500
On Wed, 23 Aug 2000, T. Barrick wrote:
> Unless I have mis-interpreted what you said, you are basically looking for the same thing that our team is seeking from upper management - a "get out of jail free card." That said, I am curious how other members of this list in the corporate world, rather than the security consultancy side of the house (that is a separate discussion entirely) have dealt with this. Do others have this "get out of jail free card" written in a document, or is it just an assumed immunity or expectation of corporate backed defense should trouble arise?
You should have a written agreement stating the limitation of liability and, at a minimum, a loose definition of the project scope. The agreement can be drawn up either by your own lawyer/legal dept. or the client's lawyer/legal dept. Part of the contract negotiation project should include the haggling out of the contract terms and conditions. In the end, this somewhat equates to a "get out of jail free" so long as you have not violated the terms of the written agreement -- and it should stand up in any country where you are working with/at a client's office, since the original agreement was with the parent company.

If you don't feel comfortable with that arrangement, or if you're just unsure of the relationship between the offices, involve your legal resources to assess the situation (again, as part of the contract negotiation process). Understand that in the end, you're wrangling with legal issues pertaining to what you can do, what you must deliver, and what the company will allow you to do that would otherwise be illegal. Failure to involve a lawyer or legal dept. on either end is a grave error. The protection that such a document provides is for both parties.

--Steve Kastl
skastl () neohapsis com