Cyber Crime Investigations

The contract is the single most important tool used to define and regulate the legal relationship between the information security consultant and the customer. It protects both parties from misunderstandings and should clearly allocate liability in case of unforeseen or unintended consequences, such as a system crash, access to protected, proprietary, or otherwise sensitive information thought secure, and damage to the network or information residing on the network. The contract also serves as a roadmap through the security evaluation cycle for both parties. A LOA (described in the next section) serves a different purpose from a contract and often augments the subject matter covered in a contract or deals with relationships with third parties not part of the original service contract. In most evaluations, both will be required.
The contract should spell out each and every action the customer wants the provider to perform. Information security consultants should have a standard contract for a package of services, but should be flexible enough to negotiate its terms in order to meet the specific needs of the customer. What is, or is not, covered in the contract, and how the provisions should be worded, are decisions both parties must make only with the advice of qualified and experienced counsel familiar with this field. As with any other legal agreement between parties, both signatories should fully understand all the terms in the contract, or ask for clarification or re-drafting of ambiguous, vague, or overly technical...