Main Nav

Would any one be willing to share an example of an internal pentest agreement/permission document between an employer and an information security employee, ideally one that is used in your own organization? So far the examples I have turned up are more or less contracts between an organization and an outside third party.

Thank you for your help and input!

Adam
 
 
 
Adam P. Vedra, CISSP, GSEC
Information Security Officer
Calvin College
 

Comments

Ed Skoudis has a good boilerplate memo he shares with his students that is designed to protect employees in a situation similar to yours: http://www.counterhack.net/permission_memo.html Hope this helps, Sam
Would any one be willing to share an example of an internal pentest agreement/permission document between an employer and an information security employee, ideally one that is used in your own organization? So far the examples I have turned up are more or less contracts between an organization and an outside third party.

Thank you for your help and input!

Adam
 
 
 
Adam P. Vedra, CISSP, GSEC
Information Security Officer
Calvin College
 
Ed Skoudis has a good boilerplate memo he shares with his students that is designed to protect employees in a situation similar to yours: http://www.counterhack.net/permission_memo.html Hope this helps, Sam