Topic: "Get out of Jail Free" or Written Authorization document ?
akira
« on: January 12, 2010, 10:15:00 AM »

I am on the IR team at my company and I am the Forensic Analyst of the team. I have taken a few SANS courses and the instructors are always adamant that you get written documentation signed by your Legal Department that authorizes you to conduct analysis on corporate assets. My question is: does anyone know where I can find a template or a starting point on this type of document?
I was under the impression that it is more for the analyst's protection so going to the company's legal department for the writing of the document seems like a bad idea.

aweSEC
« Reply #1 on: January 12, 2010, 11:00:13 AM »

Welcome to EH-Net, akira.

Why do you think going to the legal department or any lawyer would be a bad idea for this? I am asking because I don't think using an existing template and modifying it slightly in order to fit your needs better is still not enough to consider all possibilities which could happen and can't replace the process to get help from a lawyer at all.
unsupported
« Reply #2 on: January 12, 2010, 11:04:38 AM »

I've searched and searched.  I've searched previous threads here, NIST (http://csrc.nist.gov/) and everywhere in between.  I am positive I've heard of a template from Ed Skoudis, but darn if I can find it.  My recommendation would be to work with your legal department to work up the language.

Being that you are an internal team, I am not sure if you would require such a document.  I believe the document is more for 3rd party vendors, like penetration testers.  I'm not saying that it would not be helpful to have the information in writing, but it may be overkill.  I think what would be more important is making sure there are appropriate corporate policies which support your work.  You may want to talk to your CIO/CISO.

-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP
Andrew Waite
« Reply #3 on: January 13, 2010, 05:02:45 AM »

'Get out of jail free' can still be useful/important for internal terms. In addition to cya, it can also help establish the boundaries and business needs during an incident.

For example, in the event of an incident involving malware on the company's main web farm, can you pull the network to stop additional propagation? Or does the web presence have to remain up and operational at all costs, regardless of how much more difficult it makes containment?

CYA, applies both internal and external in my opinion, although could equally be in the form of a 'procedure' rather than a get out of jail document for internal scenarios.

And in answer to original question; sorry, don't know of any template available for a starting point, despite looking :(

CMonkeyDO
« Reply #4 on: January 14, 2010, 11:43:15 AM »

Here's a link to Ed's template: www.counterhack.net/permission_memo.html.
« Last Edit: January 14, 2010, 11:44:48 AM by CMonkeyDO »
Andrew Waite
« Reply #5 on: January 20, 2010, 09:16:36 AM »

Thanks CMonkeyDO

akira
« Reply #6 on: January 25, 2010, 12:44:20 PM »

Thank you CMonkeyDO.

And to everyone else. I wanted to have an idea of what other people were thinking when I went in to the legal department to discuss this.
