Author Topic: "Get out of Jail Free" or Written Authorization document ?  (Read 11547 times)
akira
Newbie
« on: January 12, 2010, 10:15:00 AM »

I am on the IR team at my company and I am the Forensic Analyst of the team. I have taken a few SANS courses and the instructors are always adamant that you get written documentation signed by your Legal Department that authorizes you to conduct analysis on corporate assets. My question is, does anyone know where I can find a template or a starting point on this type of document?
I was under the impression that it is more for the analyst's protection so going to the company's legal department for the writing of the document seems like a bad idea.

UNIX
Hero Member
« Reply #1 on: January 12, 2010, 11:00:13 AM »

Welcome to EH-Net, akira.

Why do you think going to the legal department or any lawyer would be a bad idea for this? I am asking because I don't think using an existing template and modifying it slightly in order to fit your needs better is still not enough to consider all possibilities which could happen and can't replace the process of getting help from a lawyer at all.
unsupported
Sr. Member
Unofficial Newbie Moderator


« Reply #2 on: January 12, 2010, 11:04:38 AM »

I've searched and searched.  I've searched previous threads here, NIST (http://csrc.nist.gov/) and everywhere in between.  I am positive I've heard of a template from Ed Skoudis, but darn if I can find it.  My recommendation would be to work with your legal department to work up the language.

Being that you are an internal team, I am not sure if you would require such a document.  I believe the document is more for 3rd party vendors, like penetration testers.  I'm not saying that it would not be helpful to have the information in writing, but it may be overkill.  I think what would be more important is making sure there are appropriate corporate policies which support your work.  You may want to talk to your CIO/CISO.

-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP
Andrew Waite
Hero Member
« Reply #3 on: January 13, 2010, 05:02:45 AM »

'Get out of jail free' can still be useful/important for internal teams. In addition to CYA, it can also help establish the boundaries and business needs during an incident.

For example, in the event of an incident involving malware on the company's main web farm, can you pull the network to stop additional propagation? Or does the web presence have to remain up and operational at all costs, regardless of how much more difficult it makes containment?

CYA applies both internally and externally in my opinion, although it could equally be in the form of a 'procedure' rather than a get out of jail document for internal scenarios.

And in answer to the original question; sorry, don't know of any template available for a starting point, despite looking :(
CMonkeyDO
Newbie
« Reply #4 on: January 14, 2010, 11:43:15 AM »

Here's a link to Ed's template: www.counterhack.net/permission_memo.html.
« Last Edit: January 14, 2010, 11:44:48 AM by CMonkeyDO »
Andrew Waite
Hero Member
« Reply #5 on: January 20, 2010, 09:16:36 AM »

Thanks CMonkeyDO
akira
Newbie
« Reply #6 on: January 25, 2010, 12:44:20 PM »

Thank you CMonkeyDO.

And to everyone else. I wanted to have an idea of what other people were thinking when I went into the legal department to discuss this.
