EH-Net

Ethical Hacking Discussions and Related Certifications => Forensics => Topic started by: akira on January 12, 2010, 10:15:00 AM


Title: "Get out of Jail Free" or Written Authorization document ?
Post by: akira on January 12, 2010, 10:15:00 AM
I am on the IR team at my company and I am the Forensic Analyst of the team. I have taken a few SANs courses and the instructors are always adamant that you get written documentation signed by your Legal Department that authorizes you to conduct analysis on corporate assets. My question is, Does anyone know where I can find a template or a starting point on this type of document?
I was under the impression that it is more for the analyst's protection so going to the company's legal department for the writing of the document seems like a bad idea.


Title: Re: "Get out of Jail Free" or Written Authorization document ?
Post by: UNIX on January 12, 2010, 11:00:13 AM
Welcome to EH-Net, akira.

Why do you think going to the legal department or any lawyer would be a bad idea for this? I am asking because I don't think using an existing template and modify it slightly in order to fit your needs better is still not enough to consider all possibilities which could happen and can't replace the process to get help from a lawyer at all.

Title: Re: "Get out of Jail Free" or Written Authorization document ?
Post by: unsupported on January 12, 2010, 11:04:38 AM
I've searched and searched.  I've searched previous threads here, NIST (http://csrc.nist.gov/) and everywhere in between.  I am positive I've heard of a template from Ed Skoudis, but darn if I can find it.  My recommendation would be to work with your legal department to work up the language.

Being that you are an internal team, I am not sure if you would require such a document.  I believe the document is more for 3rd party vendors, like penetration testers.  I'm not saying that it would not be helpful to have the information in writing, but it may be overkill.  I think what would be more important is making sure there are appropriate corporate policies which support your work.  You may want to talk to your CIO/CISO.

Title: Re: "Get out of Jail Free" or Written Authorization document ?
Post by: Andrew Waite on January 13, 2010, 05:02:45 AM
'Get out of jail free' can still be useful/important for internal terms. In addition to cya, it can also help establish the boundaries and business needs during an incident.

For example, in the event of a incident involving malware on the companies main web farm, can you pull the network to stop additional propogation? Or does the web presence have to remain up and operational at all costs, regardless of how much more difficult it makes containment?

CYA, applies both internal and external in my opinion, although could equally be in the form of a 'procedure' rather than a get out of jail document for internal scenarios.

And in answer to original question; sorry, don't know of any template available for a starting point, despite looking :(

Title: Re: "Get out of Jail Free" or Written Authorization document ?
Post by: CMonkeyDO on January 14, 2010, 11:43:15 AM
Here's a link to Ed's template: www.counterhack.net/permission_memo.html.

Title: Re: "Get out of Jail Free" or Written Authorization document ?
Post by: Andrew Waite on January 20, 2010, 09:16:36 AM
Thanks CMonkeyDO

Title: Re: "Get out of Jail Free" or Written Authorization document ?
Post by: akira on January 25, 2010, 12:44:20 PM
Thank you CMonkeyDO.

And to everyone else. I wanted to have an idea of what other people were thinking when I went in to the legal department to discuss this.



Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com