By Richard P. Goldberg

      Information security professionals deal with legal contracts more frequently than they would like. Often, agreements are drafted and signed—or received and blindly signed—under immense time pressure: a company may have only recently discovered a persistent threat, or a vulnerability may just have been discovered. For the unprepared, this scenario can lead to unforeseen, severely negative consequences.

      In service and employment contracts, there are certain things you should never agree to, and there are certain protections you always need. Otherwise you're essentially betting your future, and the future of your company, on the hope that nothing will go wrong. Ever.

      This talk is a discussion of legal issues in contracting for the information security professional. It discusses common provisions in service and employment contracts, including those you should never agree to and those you always need—to avoid betting the company. In short, this talk is intended to help you keep yourself and your company out of trouble. Topics include dealing with "standard" contracts and "standard" provisions; what it means to "indemnify" someone else; how to protect your intellectual property and confidential information; and other dangers, including warranties and audit-rights provisions. It will also cover some negotiation strategies. Attendees should leave with a better understanding of the relevant legal issues and when they should seek professional help—from a lawyer.

      The presentation is available for download here.

      If you would like to discuss how these issues could affect your business, or if you would like to discuss any other contracting issues, please do not hesitate to contact me.

      Attorney Advertising: This material has been prepared for general informational purposes only and is not intended as legal advice.