"Get out of Jail Free" or Written Authorization document ?

<<

akira

Newbie

Posts: 2

Joined: Mon Jan 11, 2010 11:36 am

Post Tue Jan 12, 2010 11:15 am

"Get out of Jail Free" or Written Authorization document ?

I am on the IR team at my company and I am the Forensic Analyst of the team. I have taken a few SANS courses and the instructors are always adamant that you get written documentation signed by your Legal Department that authorizes you to conduct analysis on corporate assets. My question is, does anyone know where I can find a template or a starting point on this type of document?
I was under the impression that it is more for the analyst's protection so going to the company's legal department for the writing of the document seems like a bad idea.
<<

UNIX

Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Tue Jan 12, 2010 12:00 pm

Re: "Get out of Jail Free" or Written Authorization document ?

Welcome to EH-Net, akira.

Why do you think going to the legal department or any lawyer would be a bad idea for this? I am asking because I don't think using an existing template and modifying it slightly in order to fit your needs better is still not enough to consider all possibilities which could happen and can't replace the process to get help from a lawyer at all.
<<

unsupported

Sr. Member

Posts: 318

Joined: Sun Feb 08, 2009 3:38 pm

Location: 407

Post Tue Jan 12, 2010 12:04 pm

Re: "Get out of Jail Free" or Written Authorization document ?

I've searched and searched.  I've searched previous threads here, NIST (http://csrc.nist.gov/) and everywhere in between.  I am positive I've heard of a template from Ed Skoudis, but darn if I can find it.  My recommendation would be to work with your legal department to work up the language.

Being that you are an internal team, I am not sure if you would require such a document.  I believe the document is more for 3rd party vendors, like penetration testers.  I'm not saying that it would not be helpful to have the information in writing, but it may be overkill.  I think what would be more important is making sure there are appropriate corporate policies which support your work.  You may want to talk to your CIO/CISO.
-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP
<<

RoleReversal

Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Wed Jan 13, 2010 6:02 am

Re: "Get out of Jail Free" or Written Authorization document ?

'Get out of jail free' can still be useful/important for internal teams. In addition to CYA, it can also help establish the boundaries and business needs during an incident.

For example, in the event of an incident involving malware on the company's main web farm, can you pull the network to stop additional propagation? Or does the web presence have to remain up and operational at all costs, regardless of how much more difficult it makes containment?

CYA applies both internally and externally in my opinion, although it could equally be in the form of a 'procedure' rather than a get out of jail document for internal scenarios.

And in answer to original question; sorry, don't know of any template available for a starting point, despite looking :(
<<

CMonkeyDO

Newbie

Posts: 7

Joined: Thu Sep 04, 2008 4:27 pm

Post Thu Jan 14, 2010 12:43 pm

Re: "Get out of Jail Free" or Written Authorization document ?

Here's a link to Ed's template: www.counterhack.net/permission_memo.html.
Last edited by CMonkeyDO on Thu Jan 14, 2010 12:44 pm, edited 1 time in total.
<<

RoleReversal

Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Wed Jan 20, 2010 10:16 am

Re: "Get out of Jail Free" or Written Authorization document ?

Thanks CMonkeyDO
<<

akira

Newbie

Posts: 2

Joined: Mon Jan 11, 2010 11:36 am

Post Mon Jan 25, 2010 1:44 pm

Re: "Get out of Jail Free" or Written Authorization document ?

Thank you CMonkeyDO.

And to everyone else. I wanted to have an idea of what other people were thinking when I went in to the legal department to discuss this.
