Ethical Hacking Agreement for External Network Security Unannounced Penetration Test
|
|
- Emily Gilbert
- 7 years ago
- Views:
Transcription
1 Ethical Hacking Agreement for External Network Security Unannounced Penetration Test Agreement made on the (date), between (Name of Consultant) of (street address, city, state, zip code), referred to herein as Consultant, and (Name of Company), a Company organized and existing under the laws of the state of, with its principal office located at (street address, city, state, zip code), referred to herein as Company. Whereas, Consultant is in the computer security business performing unannounced penetration tests to test the security systems of companies; and Whereas, Company is in the business of (type of business), and in the conduct of such business desires to contract for the services of Consultant; and Whereas, Consultant agrees to perform these services for Company under the terms and conditions set forth in this Agreement. 1. Services to be Performed and Price. The Consultant agrees to perform services in accordance with the attached Appendix A for $, per hour, payable as follows: (terms of payment). As a part of Consultant's services, Consultant shall suggest to employees of the Company, selected by the Company, his findings concerning the security of Company s computer system and make suggestions on how to improve said security. 2. Place of Performance of Agreement It is understood that Consultant's services will be rendered principally at (street address, city, state, zip code), but Consultant will, on request, come to the such other places as designated by the Company, to meet with representatives of the Company. 3. Hours of Work In the performance of the services, the services and the hours Consultant is to work on any given day will be entirely within Consultant's control and Company will rely upon Consultant to put in such number of hours as is reasonably necessary to fulfill the spirit and purpose of this Agreement. This arrangement will probably take about (length of time). 4. Status of Consultant
2 This Agreement calls for the performance of the services of Consultant as an independent contractor and Consultant will not be considered an employee of the Company for any purpose. 5. Subcontracts. Contractor will not subcontract parts or the whole of this contract without obtaining the Company s consent. If a subcontractor is permitted to execute part or all of this Agreement, the Contractor will continue to he held responsible for all provisions of the Agreement. 6. No Waiver The failure of either party to this Agreement to insist upon the performance of any of the terms and conditions of this Agreement, or the waiver of any breach of any of the terms and conditions of this Agreement, shall not be construed as subsequently waiving any such terms and conditions, but the same shall continue and remain in full force and effect as if no such forbearance or waiver had occurred. 7. Governing Law This Agreement shall be governed by, construed, and enforced in accordance with the laws of the State of. 8. Notices Any notice provided for or concerning this Agreement shall be in writing and shall be deemed sufficiently given when sent by certified or registered mail if sent to the respective address of each party as set forth at the beginning of this Agreement. 9. Attorney s Fees In the event that any lawsuit is filed in relation to this Agreement, the unsuccessful party in the action shall pay to the successful party, in addition to all the sums that either party may be called on to pay, a reasonable sum for the successful party's attorney fees. 10. Mandatory Arbitration Any dispute under this Agreement shall be required to be resolved by binding arbitration of the parties hereto. If the parties cannot agree on an arbitrator, each party shall select one arbitrator and both arbitrators shall then select a third. The third arbitrator so selected shall arbitrate said dispute. The arbitration shall be governed by the rules of the American Arbitration Association then in force and effect. 11. Entire Agreement This Agreement shall constitute the entire agreement between the parties and any prior understanding or representation of any kind preceding the date of this Agreement shall not be binding upon either party except to the extent incorporated in this Agreement. 12. Modification of Agreement
3 Any modification of this Agreement or additional obligation assumed by either party in connection with this Agreement shall be binding only if placed in writing and signed by each party or an authorized representative of each party. 13. Assignment of Rights The rights of each party under this Agreement are personal to that party and may not be assigned or transferred to any other person, firm, corporation, or other entity without the prior, express, and written consent of the other party. 14. In this Agreement, any reference to a party includes that party's heirs, executors, administrators, successors and assigns, singular includes plural and masculine includes feminine. WITNESS our signatures as of the day and date first above stated. (Name of Company) By: (Printed name) (Printed name & Office in Corporation) (Signature of Consultant) (Signature of Officer) APPENDIX A Facilities: Objective: To provide an assessment of the external security profile of the networked computer systems (the Systems) of the Company and intrusion detection capabilities. Scenario: Testing will consist of four phases, during which various tools and techniques will be used to gain information and identify vulnerabilities associated with the Systems and subsequent attempts to penetrate the network. These phases, discussed in detail below are: network mapping; vulnerability identification; exploitation; and reporting. Network Mapping: Consultant will obtain much of the required information regarding the Systems network profile, such as IP address ranges, telephone number ranges, and other general network topology through public information sources, such as Internet registration services, web pages, and telephone directories. More detailed information about the site s network architecture will be obtained through the use of domain name server (DNS) queries, ping sweeps, port scans, and connection route tracing. Informal inquiries, not linked to Independent Oversight, may also be attempted to gather information from users and administrators that could assist in gaining access to network
4 resources. Once this general network information is compiled and analyzed, Consultant will begin identification of individual system vulnerabilities. Vulnerability Identification During this phase, Consultant will attempt to associate operating systems and applications with identified computers on the network. Depending upon System s architecture, this may be accomplished using automated tools, such as nmap and queso, or using manual techniques, such as telnet, ftp, or sendmail login banners. Using this information, Consultant will create a list of probable vulnerabilities associated with each potential target system. Also, at this point, automated scripts will be developed or compiled to attempt exploitation of vulnerabilities. Exploitation During this phase, system and user information will be used to attack the authentication processes of the target systems. Example attack scenarios in this phase include, but are not limited to: buffer overflows, application or system configuration problems, modems, routing issues, DNS attacks, address spoofing, share access and exploitation of inherent system trust relationships. Potential vulnerabilities will be systematically tested in the order of penetration and detection probability as determined by the members of the Consultant s penetration testing team. The strength of captured password files will be tested using password-cracking tools. Individual user account passwords may also be tested using dictionary-based, automated login scripts. In the event that an account is compromised, Consultant will attempt to elevate privileges to that of super user, root, or administrator level. Since the goal of Consultant s testing is to determine the extent of vulnerabilities, and not simply penetrate a single site system, information discovered on one system may be used to gain access to additional systems that may be "trusted" by the compromised system. Additionally, host-level vulnerabilities may be exploited to elevate privileges within the compromised system to install "sniffers" or other utilities. Consultant will insert a small text file at the highest level directory of each compromised system. In those cases where Consultant is unable to gain sufficient privilege to write to the system, a file will be copied from the system. In either case, additional files may be copied during testing if further review is required to determine sensitivity of information contained on the System. Consultant will maintain detailed records of all attempts to exploit vulnerabilities and activities conducted during the attack phase. Reporting Consultant will provide an on-site briefing of results. These results will also be documented in a management level report provided to Company that will cover the unannounced penetration testing. Specific details on vulnerabilities will also be provided to site technical personnel.
5 Special Considerations: Consultant will coordinate testing activities with a "trusted agent" in each department listed on the performance test agreement as appropriate. Company should identify an individual to be designated as a trusted agent in each department. All personnel who are informed of the testing will maintain strict confidentiality to ensure the validity of test results. Company will coordinate with trusted agents for each department to identify critical systems that should be excluded from testing activities (e.g., safety systems, major applications undergoing upgrades or other special evolutions). Specific network addresses and reasons for exclusion should be provided as an attachment to the signed performance test. Company will also identify any systems or network nodes that are connected to the Company s network, but are not under the direct control and responsibility of the Company. These systems will be excluded from testing unless Consultant obtains permission from the system owner. Consultant will provide the DOE Computer Incident Advisory Capability (CIAC) with information regarding the systems used for scanning and testing activities to ensure that testing activities are not confused with real attacks. While Consultant will not attempt to exploit "denial of service" vulnerabilities (unless specifically requested by the Company) and every attempt will be made to prevent damage to any information system and the data it holds, some penetration attempt scenarios have the possibility of causing service interruption. In the unlikely event that such an event occurs, Consultant will work with the trusted agents at the site to determine the nature of the problem and restore the system to its desired state of operation. All information obtained by Consultant will be protected (to the extent possible) from unauthorized access. In the event that any site personnel (excluding trusted agents) identify Consultant testing activities, site computer security personnel should document the detection of activity and take initial actions that would be taken in the case of a real intrusion, including informing the CIAC. If notified by the site of incidents that correspond with the penetration testing, CIAC and the site s trusted agents will inform the appropriate site computer security personnel that the activity identified is part of an authorized DOE test. In these cases, logs or other evidence of intrusion detection activities should be provided to Independent Oversight for analysis. Consultant s testing will then be allowed to continue as an announced external network security assessment without blocking, filtering, or restricting access. It is the Company s responsibility to restore network computer systems to a secure configuration after Consultant s testing. Independent Oversight will coordinate with and provide assistance (as requested) to system administrators during this period of "cleaning up" network computer systems. Clean-up may consist of removing added
6 programs and files, identifying systems whose password files were compromised, and restoring systems to a secure configuration so that no systems are left in a compromised condition. As evidenced by their signature on this performance test agreement, Operations Office and site contractor representatives certify that the Department s Banner and Warning Policy has been implemented at the site and network computer users have, as a result, granted constructive consent to this type of activity. APPROVALS: Director, Office of Cyber Security and Special Reviews Office of Chief Information Officer Representative Lead Program Secretarial Office Representative Operations Office Representative Site Contractor Representative
Pay Per Click Services Agreement
Pay Per Click Services Agreement Pay per click service agreement made on the (date), between (Name of Client), a corporation organized and existing under the laws of the state of, with its principal office
More informationContract for the Sale of Motor Vehicle Owner Financed with Provisions for Note and Security Agreement
Contract for the Sale of Motor Vehicle Owner Financed with Provisions for Note and Security Agreement Agreement made on the (date), between (Name of Buyer) of (street address, city, county, state, zip
More informationGeneral Form of Factoring Agreement regarding the Assignment of Accounts Receivable
General Form of Factoring Agreement regarding the Assignment of Accounts Receivable Agreement made on the (date), between (Name of Factor), a corporation organized and existing under the laws of the state
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationIBM Global Technology Services Statement of Work. for. IBM Infrastructure Security Services - Penetration Testing - Express Penetration Testing
IBM Global Technology Services Statement of Work for IBM Infrastructure Security Services - Penetration Testing - Express Penetration Testing The information in this Statement of Work may not be disclosed
More informationHIPAA Information. Who does HIPAA apply to? What are Sync.com s responsibilities? What is a Business Associate?
HIPAA Information Who does HIPAA apply to? HIPAA applies to all Covered Entities (entities that collect, access, use and/or disclose Protected Health Data (PHI) and are subject to HIPAA regulations). What
More informationBUSINESS ASSOCIATE ADDENDUM
BUSINESS ASSOCIATE ADDENDUM This BA Agreement, effective as of the effective date of the Terms of Use, adds to and is made part of the Terms of Use by and between Business Associate and Covered Entity.
More informationATTORNEY SUBSCRIBER AGREEMENT FOR REMOTE ACCESS TO TAZEWELL COUNTY CIRCUIT COURT CASE DOCUMENTS known as Officer of the Court Remote Access (OCRA)
ATTORNEY SUBSCRIBER AGREEMENT FOR REMOTE ACCESS TO TAZEWELL COUNTY CIRCUIT COURT CASE DOCUMENTS known as Officer of the Court Remote Access (OCRA) This Agreement is made and entered into by and between
More informationATTORNEY EMPLOYEE SUBSCRIBER AGREEMENT FOR REMOTE ACCESS TO TAZEWELLCOUNTY CIRCUIT COURT CASE DOCUMENTS
ATTORNEY EMPLOYEE SUBSCRIBER AGREEMENT FOR REMOTE ACCESS TO TAZEWELLCOUNTY CIRCUIT COURT CASE DOCUMENTS known as Officer of the Court Remote Access (OCRA) This Agreement is made and entered into by and
More informationAUGUST 28, 2013 INFORMATION TECHNOLOGY INCIDENT RESPONSE PLAN. 1250 Siskiyou Boulevard Ashland OR 97520
AUGUST 28, 2013 INFORMATION TECHNOLOGY INCIDENT RESPONSE PLAN 1250 Siskiyou Boulevard Ashland OR 97520 Revision History Revision Change Date 1.0 Initial Incident Response Plan 8/28/2013 Official copies
More informationAGREEMENT FOR WEBSITE MAINTENANCE AND MODIFICATIONS
AGREEMENT FOR WEBSITE MAINTENANCE AND MODIFICATIONS 1. Authorization. (Name), (the Client ) authorizes GeekArtist Web Solutions, LLC at 4314 Princeton Drive, Garland, TX 75042 (hereinafter referred to
More informationPension Benefit Guaranty Corporation. Office of Inspector General. Evaluation Report. Penetration Testing 2001 - An Update
Pension Benefit Guaranty Corporation Office of Inspector General Evaluation Report Penetration Testing 2001 - An Update August 28, 2001 2001-18/23148-2 Penetration Testing 2001 An Update Evaluation Report
More informationINVESTMENT ADVISORY AGREEMENT
INVESTMENT ADVISORY AGREEMENT THIS INVESTMENT ADVISORY AGREEMENT is made on the Effective Date identified below by and between the investment advisors affiliated with BCG Securities, Inc. ( Advisor ),
More informationDocument A312 TM SURETY. (Name, legal status and principal place of business)
Performance Bond Document A312 TM 2010 CONTRACTOR: (Name, legal status and address) OWNER: (Name, legal status and address) CONSTRUCTION CONTRACT Date: Amount: $ Description: (Name and location) Uninterruptible
More informationPenetration Testing Report Client: Business Solutions June 15 th 2015
Penetration Testing Report Client: Business Solutions June 15 th 2015 Acumen Innovations 80 S.W 8 th St Suite 2000 Miami, FL 33130 United States of America Tel: 1-888-995-7803 Email: info@acumen-innovations.com
More informationThis form may not be modified without prior approval from the Department of Justice.
This form may not be modified without prior approval from the Department of Justice. Delete this header in execution (signature) version of agreement. HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate
More informationPenetration Testing //Vulnerability Assessment //Remedy
A Division Penetration Testing //Vulnerability Assessment //Remedy In Penetration Testing, part of a security assessment practice attempts to simulate the techniques adopted by an attacker in compromising
More informationRunning a Default Vulnerability Scan SAINTcorporation.com
SAINT Running a Default Vulnerability Scan A Step-by-Step Guide www.saintcorporation.com Examine. Expose. Exploit. Install SAINT Welcome to SAINT! Congratulations on a smart choice by selecting SAINT s
More informationAGREEMENT FOR WEB DESIGN & DEVELOPMENT
AGREEMENT FOR WEB DESIGN & DEVELOPMENT 1. Authorization. The Client,, authorizes GeekArtist Web Solutions, LLC at 4314 Princeton Drive, Garland, TX 75042 (herein referred to as the The Company ) to develop
More informationInformation Security Organizations trends are becoming increasingly reliant upon information technology in
DATASHEET PENETRATION TESTING SERVICE Sales Inquiries: sales@spentera.com Visit us: http://www.spentera.com Protect Your Business. Get Your Service Quotations Today! Copyright 2011. PT. Spentera. All Rights
More informationAIA Document A310 TM 2010
AIA Document A310 TM 2010 Bid Bond CONTRACTOR: OWNER: «Lane County» «125 East Eighth Avenue BOND AMOUNT: $ PROJECT: (Name, location or address, and Project number, if any) «Lane County Adult Corrections
More informationUsing Automated, Detailed Configuration and Change Reporting to Achieve and Maintain PCI Compliance Part 4
WHITEPAPER Using Automated, Detailed Configuration and Change Reporting to Achieve and Maintain PCI Compliance Part 4 An in-depth look at Payment Card Industry Data Security Standard Requirements 10, 11,
More informationPERSONAL SHOPPER SERVICES CONTRACT
PERSONAL SHOPPER SERVICES CONTRACT THIS AGREEMENT executed on this the day of, 20 by and between (hereinafter "Employer"), and (Hereinafter "Personal Shopper"). NOW, THEREFORE, FOR AND IN CONSIDERATION
More informationOPTION AND LITERARY PURCHASE AGREEMENT
[There are many types of film and television option agreements, from one-page letters to multi-page documents complete with copyright assignment forms. Ideally, an option agreement should include two separate
More informationDocument A312 TM SURETY. (Name, legal status and principal place of business)
Payment Bond Document A312 TM 2010 CONTRACTOR: (Name, legal status and address) OWNER: (Name, legal status and address) CONSTRUCTION CONTRACT Date: Amount: $ Description: (Name and location) Uninterruptible
More informationRunning a Default Vulnerability Scan
Running a Default Vulnerability Scan A Step-by-Step Guide www.saintcorporation.com Examine. Expose. Exploit. Welcome to SAINT! Congratulations on a smart choice by selecting SAINT s integrated vulnerability
More informationH I P AA B U S I N E S S AS S O C I ATE AGREEMENT
H I P AA B U S I N E S S AS S O C I ATE AGREEMENT This HIPAA BUSINESS ASSOCIATE AGREEMENT (the BAA ) is entered into by and between Opticare of Utah, Inc. ( Covered Entity ), and,( Business Associate ).
More informationBusiness Credit Consulting Agreement
Business Credit Consulting Agreement THIS AGREEMENT is entered into by and between Business Credit Advisor or Business Credit Coach ( Advisor ) Business Credit Consulting Client ( Client ) and the Business
More informationINTRODUCTION: PENETRATION TEST A BUSINESS PERSPECTIVE:
PENETRATION TESTING A SYSTEMATIC APPROACH INTRODUCTION: The basic idea behind writing this article was to put forward a systematic approach that needs to be followed to perform a successful penetration
More informationKentucky Department of Education Version of Document A312 2010
Kentucky Department of Education Version of Document A312 2010 Performance Bond CONTRACTOR: (Name, legal status and address) SURETY: (Name, legal status and principal place of business) OWNER: (Name, legal
More informationPenetration Testing. Presented by
Penetration Testing Presented by Roadmap Introduction to Pen Testing Types of Pen Testing Approach and Methodology Side Effects Demonstration Questions Introduction and Fundamentals Penetration Testing
More informationMISSOURI HIGHWAYS AND TRANSPORTATION COMMISSION ELECTRONIC SIGNATURE AGREEMENT
CCO Form: DE06 Approved: 02/14 (AR) Revised: Modified: MISSOURI HIGHWAYS AND TRANSPORTATION COMMISSION ELECTRONIC SIGNATURE AGREEMENT THIS AGREEMENT is entered into by the Missouri Highways and Transportation
More informationFirstCarolinaCare Insurance Company Business Associate Agreement
FirstCarolinaCare Insurance Company Business Associate Agreement THIS BUSINESS ASSOCIATE AGREEMENT ("Agreement"), is made and entered into as of, 20 (the "Effective Date") between FirstCarolinaCare Insurance
More informationFor more information email sales@patchadvisor.com or call 703.749.7723
Vulnerability Assessment Methodology Today s networks are typically comprised of a variety of components from many vendors. This adds to the difficulties faced by the system administration staff, as they
More informationSURETY. and Title: (Any additional signatures appear on the last page of this Performance Bond.)
Performance Bond Document A312 2010 CONTRACTOR: (Name, legal status and address) SURETY: (Name, legal status and principal place of business) OWNER: (Name, legal status and address) CONSTRUCTION CONTRACT
More information388 Blohm Ave. PO Box 388 Aromas CA 95004-0388 (831)726-3155 FAX (831)726-3951 email aromaswd@aol.com ADDENDUM NO. 1
388 Blohm Ave. PO Box 388 Aromas CA 95004-0388 (831)726-3155 FAX (831)726-3951 email aromaswd@aol.com May 6, 2015 To: All Plan Holders From: Vicki Morris General Manager Subject: Water Serviceline Installation
More informationDocument A312 TM SURETY. (Name, legal status and principal place of business)
Performance Bond Document A312 TM 2010 CONTRACTOR: (Name, legal status and address) SURETY: (Name, legal status and principal place of business) OWNER: (Name, legal status and address) IESO, LLC Tom Jennings
More informationData Security Incident Response Plan. [Insert Organization Name]
Data Security Incident Response Plan Dated: [Month] & [Year] [Insert Organization Name] 1 Introduction Purpose This data security incident response plan provides the framework to respond to a security
More informationINDUSTRIAL CARPET CLEANING SERVICES CONTRACT. THIS AGREEMENT executed on this the day of, 20 by and between. (hereinafter "Employer"), and
INDUSTRIAL CARPET CLEANING SERVICES CONTRACT THIS AGREEMENT executed on this the day of, 20 by and between (hereinafter "Employer"), and (hereinafter "Contractor") NOW, THEREFORE, FOR AND IN CONSIDERATION
More informationA43. Modern Hacking Techniques and IP Security. By Shawn Mullen. Las Vegas, NV IBM TRAINING. IBM Corporation 2006
IBM TRAINING A43 Modern Hacking Techniques and IP Security By Shawn Mullen Las Vegas, NV 2005 CSI/FBI US Computer Crime and Computer Security Survey 9 out of 10 experienced computer security incident in
More informationThe name of the Contract Signer (as hereinafter defined) duly authorized by the Applicant to bind the Applicant to this Agreement is.
Trustwave Subscriber Agreement for Digital Certificates Ver. 11JUL14 PLEASE READ THIS AGREEMENT AND THE TRUSTWAVE CERTIFICATION PRACTICES STATEMENTS ( CPS ) CAREFULLY BEFORE USING THE CERTIFICATE ISSUED
More informationARTIST MANAGEMENT AGREEMENT
ARTIST MANAGEMENT AGREEMENT AGREEMENT made this day of, 20 by and between (Artist) whose address is (hereinafter referred to as Artist and (Manager) whose address is, (hereinafter referred to as Manager
More informationAIA Document A312 - Electronic Format. Performance Bond
AIA Document A312 - Electronic Format Performance Bond THIS DOCUMENT HAS IMPORTANT LEGAL CONSEQUENCES: CONSULTATION WITH AN ATTORNEY IS ENCOURAGED WITH RESPECT TO ITS COMPLETION OR MODIFICATION. AUTHENTICATION
More informationITEC441- IS Security. Chapter 15 Performing a Penetration Test
1 ITEC441- IS Security Chapter 15 Performing a Penetration Test The PenTest A penetration test (pentest) simulates methods that intruders use to gain unauthorized access to an organization s network and
More informationOracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0
Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Unless otherwise stated, these Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies
More informationHIPAA Business Associate Agreement Instructions
HIPAA Business Associate Agreement Instructions HIPAA AND COLA ACCREDITATION The Health Insurance Portability and Accountability Act (HIPAA) requires laboratories to enter into written agreements with
More informationPerformance Bond. Business):
Performance Bond CONTRACTOR (Name and Address): (Name and Address of Principal Place of Business): OWNER (Name and Address): City of Cedar Rapids City Clerk, 101 First Street SE Cedar Rapids, IA 52401
More informationIntrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks
Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323
More informationPainting Services Agreement
This Packet Includes: 1. General Information 2. Instructions and Checklist 3. Step-by-Step Instructions 4. General Information This is between a Client and a Contractor who will perform painting services
More informationAn Introduction to Network Vulnerability Testing
CONTENTS Introduction 3 Penetration Testing Overview 4 Step 1: Defining the Scope 4 Step 2: Performing the Penetration Test 5 Step 3: Reporting and Delivering Results 6 VeriSign SecureTEST 7 Common Vulnerability
More informationATHENS AREA HEALTH PLAN SELECT, INC. HMO / POINT OF SERVICE / PPO GROUP HEALTHCARE CONTRACT
ATHENS AREA HEALTH PLAN SELECT, INC. HMO / POINT OF SERVICE / PPO GROUP HEALTHCARE CONTRACT This Group Healthcare Contract ("Group Contract" or the "Contract"), effective as of the day of, 20 _ (the Effective
More informationU.S. Department of Energy Office of Inspector General Office of Audits and Inspections
U.S. Department of Energy Office of Inspector General Office of Audits and Inspections Audit Report The Department's Configuration Management of Non-Financial Systems OAS-M-12-02 February 2012 Department
More informationSPECIAL - PURPOSE LIMITED LIABILITY COMPANY AGREEMENT OF. LLC
SPECIAL - PURPOSE LIMITED LIABILITY COMPANY AGREEMENT OF. LLC This Special - Purpose Limited Liability Company Agreement of.. LLC (the Agreement ) is entered into by a CYNTHIA P. FLETCHER as Authorized
More informationINVESTMENT ADVISORY MANAGEMENT AGREEMENT
INVESTMENT ADVISORY MANAGEMENT AGREEMENT This Investment Advisory Agreement ( Agreement ) is entered into this day of, 20, by and between Rockbridge Asset Management, LLC ( Rockbridge ), a Registered Investment
More informationHosting Agreement. WHEREAS, Lanex is a software development and hosting firm that offers design, programming and hosting services; and
Hosting Agreement This Hosting Agreement ( Agreement ) comprises the terms and conditions that govern the provision of the hosting services, as defined below, to the clients ( Client ) of Lanex, LLC, with
More informationIDS and Penetration Testing Lab ISA 674
IDS and Penetration Testing Lab ISA 674 Ethics Statement Network Security Student Certification and Agreement I,, hereby certify that I read the following: University Policy Number 1301: Responsible Use
More informationSTANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT
STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT THIS AGREEMENT is entered into and made effective the day of, 2014 (the Effective Date ), by and between (a) GI Quality Improvement Consortuim,
More informationIncident Response Plan for PCI-DSS Compliance
Incident Response Plan for PCI-DSS Compliance City of Monroe, Georgia Information Technology Division Finance Department I. Policy The City of Monroe Information Technology Administrator is responsible
More informationRetention & Destruction
Last Updated: March 28, 2014 This document sets forth the security policies and procedures for WealthEngine, Inc. ( WealthEngine or the Company ). A. Retention & Destruction Retention & Destruction of
More informationThe President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
cover_comp_01 9/9/02 5:01 PM Page 1 For further information, please contact: The President s Critical Infrastructure Protection Board Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) is effective as of, 2013, and is by and between SOUTHWEST DEVELOPMENTAL SERVICES, INC. ( Covered Entity ) and ( Business Associate
More informationNETWORK PENETRATION TESTING
Tim West Consulting 6807 Wicklow St. Arlington, TX 76002 817-228-3420 Twest@timwestconsulting.com OVERVIEW Tim West Consulting Tim West Consulting is a full service IT security and support firm that specializes
More informationBROKER SALESPERSON INDEPENDENT CONTRACTOR AGREEMENT. THIS AGREEMENT is entered into this day of, 20, between ( Broker ) and ( Salesperson ).
BROKER SALESPERSON INDEPENDENT CONTRACTOR AGREEMENT THIS AGREEMENT is entered into this day of, 20, between ( Broker ) and ( Salesperson ). RECITALS: Broker is engaged in business as a duly licensed real
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the Agreement ) by and between Drexel University ( Hybrid Entity ), with a principal address at 3141 Chestnut Street, Philadelphia, PA 19104,
More informationHOW TO COMPLETE A BUSINESS ASSOCIATE AGREEMENT (BAA)
HOW TO COMPLETE A BUSINESS ASSOCIATE AGREEMENT (BAA) Once office has determined they would like to complete a Business Associate Agreement (BAA) with Premier Source, please complete the following steps:
More information19 Contracts. Contract Elements All legal contracts contain the same basic elements. National Nurses in Business Association, Inc.
This e-book single is an excerpt from the book Self-Employed RN written by Patricia Ann Bemis and published by the National Nurses in Business Association. More information about RN self-employment and
More informationGuideline on Auditing and Log Management
CMSGu2012-05 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Auditing and Log Management National Computer Board Mauritius
More informationMarch 2012 www.tufin.com
SecureTrack Supporting Compliance with PCI DSS 2.0 March 2012 www.tufin.com Table of Contents Introduction... 3 The Importance of Network Security Operations... 3 Supporting PCI DSS with Automated Solutions...
More informationNETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS
NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS Scope and Applicability: These Network and Certificate System Security Requirements (Requirements) apply to all publicly trusted Certification Authorities
More informationPenetration testing & Ethical Hacking. Security Week 2014
Penetration testing & Ethical Hacking Security Week 2014 Agenda Penetration Testing Vulnerability Scanning Social engineering Security Services offered by Endava 2 3 Who I am Catanoi Maxim Information
More informationFIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.
1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams
More informationCisco Advanced Services for Network Security
Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs
More informationRethinking Schools Limited Institutional Site License
Rethinking Schools Limited Institutional Site License This License Agreement ( License ) is entered into the day of [20 ] ( Effective Date ) between Rethinking Schools Limited, a Wisconsin Corporation,
More informationSEO Agreement SEARCH ENGINE OPTIMIZATION AND REPORTING AGREEMENT
SEO Agreement SEARCH ENGINE OPTIMIZATION AND REPORTING AGREEMENT This Search Engine Optimization and Reporting Agreement ("Agreement") is hereby entered into between India Market Softech (P)Ltd. (hereinafter
More informationINDEPENDENT VIRTUAL ASSISTANT AGREEMENT (Company)
INDEPENDENT VIRTUAL ASSISTANT AGREEMENT (Company) This Independent Virtual Assistant Agreement ( Agreement ) is entered into as of,, by and between, with a principal place of business at ( Company ), and,
More informationHost Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1
Host Hardening Presented by Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Background National Institute of Standards and Technology Draft Guide to General Server Security SP800-123 Server A
More informationService Agreement Hosted Dynamics GP
Service Agreement Hosted Dynamics GP This is a Contract between you ( Company ) and WebSan Solutions Inc. ( WebSan ) of 245 Fairview Mall Drive, Suite 508, Toronto, ON M2J 4T1, Canada. This contract applies
More informationELECTRONIC DATA INTERCHANGE (EDI) TRADING PARTNER AGREEMENT THIS ELECTRONIC DATA INTERCHANGE TRADING PARTNER AGREEMENT
ELECTRONIC DATA INTERCHANGE (EDI) TRADING PARTNER AGREEMENT THIS ELECTRONIC DATA INTERCHANGE TRADING PARTNER AGREEMENT (the "Agreement") is made as of, 2, by and between UGI Utilities, Inc. Gas Division
More informationCLS Investments, LLC Instructions for the Solicitor Application and Agreement
CLS Investments, LLC Instructions for the Solicitor Application and Agreement Please complete all fields on page 1 of the Solicitor Application and Agreement. Some general guidelines are set forth below.
More informationEnvironmental Management Consolidated Business Center (EMCBC) Subject: Cyber Security Incident Response
Date 06/10/10 Environmental Management Consolidated Business Center (EMCBC) Subject: Cyber Security Incident Response 1.0 PURPOSE Implementing Procedure APPROVED: (Signature on File) EMCBC Director ISSUED
More informationAGREEMENT WITH FOR PROFESSIONAL CONSULTANT SERVICES FOR
AGREEMENT WITH FOR PROFESSIONAL CONSULTANT SERVICES FOR This Agreement, made and entered into this day of,, by and between the CITY OF SAN MATEO, a municipal corporation existing under the laws of the
More informationAiming at Higher Network Security Levels Through Extensive PENETRATION TESTING. Anestis Bechtsoudis. http://bechtsoudis.com abechtsoudis (at) ieee.
Aiming at Higher Network Security Levels Through Extensive PENETRATION TESTING Anestis Bechtsoudis http://bechtsoudis.com abechtsoudis (at) ieee.org Athena Summer School 2011 Course Goals Highlight modern
More informationCOMMONWEALTH OF VIRGINIA STANDARD PERFORMANCE BOND
(Rev 03/02) Page 1 of 6 COMMONWEALTH OF VIRGINIA STANDARD PERFORMANCE BOND KNOW ALL MEN BY THESE PRESENTS: That, the Contractor ( Principal ) whose principal place of business is located at and ( Surety
More informationMerchant Gateway Services Agreement
Merchant Gateway Services Agreement This Merchant Gateway Services Agreement ( Agreement ) is made as of, 20 ( Effective Date ), by and between American POS Alliance, LLC ( Reseller ) and the merchant
More informationConstruction Performance Bond. THIS CONSTRUCTION PERFORMANCE BOND ( Bond ) is dated, is in the penal sum of. Sample Preview CONTRACTOR: Address
Construction Performance Bond THIS CONSTRUCTION PERFORMANCE BOND ( Bond ) is dated, is in the penal sum of [which is one hundred percent of the Contract Price], and is entered into by and between the parties
More informationBID BOND CITY OF EAST POINT, GEORGIA
BID BOND CITY OF EAST POINT, GEORGIA BIDDER (Name and Address): SURETY (Name and Address of Principal Place of Business): OWNER (hereinafter referred to as the City (Name and Address): City of East Point
More information1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained
home Network Vulnerabilities Detail Report Grouped by Vulnerability Report Generated by: Symantec NetRecon 3.5 Licensed to: X Serial Number: 0182037567 Machine Scanned from: ZEUS (192.168.1.100) Scan Date:
More informationECLIPSE FOUNDATION, INC. MEMBERSHIP AGREEMENT
ECLIPSE FOUNDATION, INC. MEMBERSHIP AGREEMENT THIS MEMBERSHIP AGREEMENT (the Agreement ) is effective as of this day of, 20 (the Effective Date ) by and between Eclipse Foundation, Inc. (the Eclipse Foundation
More informationInformation Security Services
Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual
More informationCLIENT ADVISORY AGREEMENT
CLIENT ADVISORY AGREEMENT This is an agreement between a California Registered Investment Advisor ( Advisor ) with its principal office at 13 B Hatton Avenue, Spreckels, California, and ( Client ). By
More informationFoundstone ERS remediation System
Expediting Incident Response with Foundstone ERS Foundstone Inc. August, 2003 Enterprise Risk Solutions Platform Supports Successful Response and Remediation Introduction The Foundstone Enterprise Risk
More informationINDEPENDENT CONTRACTOR AGREEMENT INTERPRETATION/TRANSLATION SERVICES
INDEPENDENT CONTRACTOR AGREEMENT INTERPRETATION/TRANSLATION SERVICES This INDEPENDENT CONTRACTOR AGREEMENT (the Agreement ) is entered into effective this day of, 2001, by and between, ( IC ) and OpenWorld
More informationSUB-PRODUCER AGREEMENT
SUB-PRODUCER AGREEMENT THIS AGREEMENT is made and entered into on the day of, 2015 by and between SELECT INSURANCE MARKETS, LP., a Texas Company ( SIM ) and the following named individual or agency who/which
More informationBENCHMARK MEDICAL LLC, BUSINESS ASSOCIATE AGREEMENT
BENCHMARK MEDICAL LLC, BUSINESS ASSOCIATE AGREEMENT This BUSINESS ASSOCIATE AGREEMENT ( Agreement ) dated as of the signature below, (the Effective Date ), is entered into by and between the signing organization
More informationPDS (The Planetary Data System) Information Technology Security Plan for The Planetary Data System: [Node Name]
PDS (The Planetary Data System) Information Technology Security Plan for The Planetary Data System: [Node Name] [Date] [Location] 1 Prepared by: [Author] [Title] Date Approved by: [Name] [Title] Date 2
More informationSecurity Awareness For Server Administrators. State of Illinois Central Management Services Security and Compliance Solutions
Security Awareness For Server Administrators State of Illinois Central Management Services Security and Compliance Solutions Purpose and Scope To present a best practice approach to securing your servers
More informationNational Endowment for the Arts Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2. Exit Conference...
NEA OIG Report No. R-13-03 Table of Contents Results of Evaluation... 1 Areas for Improvement... 2 Area for Improvement 1: The agency should implement ongoing scanning to detect vulnerabilities... 2 Area
More informationData Management Policies. Sage ERP Online
Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...
More informationRL Solutions Hosting Service Level Agreement
RL Solutions Hosting Service Level Agreement April 2012 Table of Contents I. Context and Scope... 1 II. Defined Terms... 1 III. RL Solutions Responsibilities... 2 IV. Client Responsibilities... 4 V. The
More information