
ITS240 L1 Activity

S3-SOW-20-0001
CONSULTING SERVICES AGREEMENT
Thank you for choosing JLA ENTERPRISE, LLC as the provider for your comprehensive cyber security needs.
We will be providing monthly vulnerability and compliance scanning exclusively for your business. We are
excited to be part of your team.
This CONSULTING SERVICES AGREEMENT ("The Agreement") is entered into on this date by and between JLA ENTERPRISE, LLC, a Georgia limited liability company ("The Consultant"), and CLIENT, LLC ("The Client") (collectively, "The Parties").
1 Statement of Work
1.1 Setup Services: The Consultant will perform the following actions to prepare for the Client's
penetration test.
A. The Consultant will install the latest version of the Gophish software and perform the updates,
testing, documentation, and troubleshooting necessary to run the monthly phishing campaigns against the
Client. The Consultant will cover all licensing fees.
B. The Consultant will acquire a dedicated server from linode.com hosting services, install Ubuntu Linux
on it, and update all necessary software packages. The Consultant will cover all licensing fees.
1.2 Penetration Testing Services: The Consultant will assign a team to conduct open-source research,
build phishing campaigns, attempt compromise against identified vulnerabilities, gain privileged access,
and attempt to exfiltrate data. These services will be performed within the parameters of the agreed upon
Consultant/Client rules of engagement as outlined below:
A. Once the penetration test has started, it could take approximately seven weeks to complete and
produce a report.
B. The Consultant will conduct open-source research in accordance with black-box methodology, as
specified by the Client. The Consultant will acquire data regarding employees' social media
footprint as well as specific company data, including but not limited to employment, location, and
services. The specific outcomes the Client has requested are:
I. Compromise of an Executive's email
II. Compromise of an Executive's documents
III. Compromise of financial information and financial systems
IV. Monitoring of audio or video, especially in Executive offices
V. Access to sensitive Intellectual Property
VI. Exfiltration of data
C. The Consultant will use the information found in section 1.2B to create one to three phishing
campaigns utilizing traditional phishing, spearphishing, or whaling methodology.
D. The Consultant's proprietary penetration testing methodology follows a five-phase approach:
I. Reconnaissance - The Consultant will conduct open-source research on the Client's company to
determine points of interest to scan further for vulnerabilities.
II. Information Gathering - The Consultant will perform in-depth network scans to identify
access vectors to be used during the Exploitation phase.
III. Exploitation - The Consultant will attempt exploitation of identified vulnerabilities and seek to
gain privileged access based on findings from the Reconnaissance and Information
Gathering phases.
IV. Maintaining Access - The Consultant will maintain access to various points of interest during
the penetration test in order to exfiltrate data.
V. Cleanup - The Consultant agrees to remove all proprietary tools used during the penetration
test and will remove persistence tools and user accounts it created from the Client's systems.
E. Under particular circumstances, the Consultant may approach the Client to request switching the
penetration test to white-box methodology. The Consultant's request will only be made after black-box
methodology has been exhausted. The Consultant may only switch penetration testing
methodology if doing so is in the best interest of the Client.
F. The Consultant’s penetration testing methodology is designed and operated on a measured risk
basis, with safety for the Client’s systems and personnel at the forefront. The Consultant will
communicate to the Client every vulnerability identified, for written approval, prior to an
exploitation attempt.
G. Penetration testing services will be conducted Monday through Friday from 6 PM to 8 AM, outside
standard business hours, and at any time on Saturday and Sunday (times are in the Client's local time
zone). Penetration testing services will be performed by electronic means; travel is not included. If
the Client requests on-site work, the Client agrees to cover the travel costs.
H. At the end of the penetration testing service, the Consultant will produce a findings report, the
contents of which are described in section 1.3.
I. Retention of Results is covered in section 8.
1.3 Penetration Testing Reporting: The Consultant will produce a report to the Client after the
completion of the penetration testing services outlined in this Agreement. This report will contain the
scope of work, executive summary, findings, methodology, screenshots per successful exploit, definitions
of risk levels, systems information, and the Consultant’s recommendations.
3 Compensation and Payment
A. Setup Fees: For the Services described in this Agreement, the Client's setup fees are included in
the ongoing management fees described below. The first month of vulnerability scanning service will
act as an installation period. Reports for vulnerability scanning will start in the second month of
service. Setup can take varying lengths of time, but will usually take around ten days.
B. Network Vulnerability and Compliance Scanning Fees: For the Services described in this
Agreement, the Client agrees to pay the Consultant $560.00 per month, payable by direct deposit,
or by check if necessary. Payment is subject to net-10 payment terms.
C. Additional Fees: Pending Client approval, if the Consultant determines that additional services
are required (such as, but not limited to, computer forensics or in-depth vulnerability research), the
Client will be billed at a rate of $250/hr. The Consultant and the Client will agree upon the number
of additional hours required to provide the additional services.
4 TERM
A. This Agreement will commence on the effective date first set forth above and remain in full force
and effect for a minimum period of 365 days. Thereafter, this Agreement shall continue on a month-to-month
basis unless terminated by the Consultant or the Client, or unless otherwise agreed to by the
Consultant and the Client.
5 TERMINATION
A. This Agreement may be terminated by either party for any reason or no reason, whether or not
extended beyond the initial term, by giving the other party written notice 30 days in advance.
Written requests to terminate may be made by e-mail. If Client chooses to terminate this
agreement in writing, all monies owed to the Consultant will be due immediately. Under no
circumstances will the Consultant give refunds of the amount paid for the Services hereunder.
6 OWNERSHIP OF INTELLECTUAL PROPERTY
All plans, reports, programs, software (source and object code), digital tools, pictures, video,
music, content, artwork, designs, websites, framework, web services, software engines, products,
models, footage, applications of any kind, work, ideas, derivative works, confidential information,
concepts, deliverables, results of the services and all other tangible and intangible materials or
property provided, prepared or created under or resulting from this Agreement, whether or not
rejected by Client, and all copies thereof (collectively, "The Materials"), shall be owned by
Client and shall be deemed "works made for hire" under United States copyright laws (17 U.S.C. §
101 or any future statute). Consultant represents, warrants and covenants that all Materials, along
with all rights contained therein, including, without limitation, the exclusive copyright and all other
intellectual property rights, are and shall be the property of Client immediately upon creation. If
any of the Materials are considered by a court of competent jurisdiction not to be a “work made for
hire” or under any circumstances where the full title and ownership thereof has not vested in
Client, Consultant hereby assigns to Client all right, title, and interest in such Materials immediately
upon creation and agrees to execute any future assignments to evidence or effect such
assignments. Without limiting the generality of the foregoing, Client will have, and Consultant shall
be responsible for ensuring Client has, the unlimited right to reproduce, transmit, distribute,
exhibit, perform, create derivative works based upon, exploit or otherwise use the Materials, and
all elements thereof, in any manner and in any and all media now known or hereafter devised
throughout the world in perpetuity.
7 CONFIDENTIAL INFORMATION
A. Except as provided elsewhere in this Agreement, all information disclosed by one Party to the other
Party shall be deemed to be confidential and proprietary (“Proprietary Information”). Such
Proprietary Information includes, without limitation, information regarding marketing, sales
programs, sales volume, sales conversion rates, sales methods and processes, sales proposals,
products, services, vendors, customer lists, training manuals, sales scripts, telemarketing scripts,
names of investors, and customer information, operating procedures, pricing policies, strategic
plans, intellectual property, information about a Party’s employees and other confidential or
Proprietary Information belonging to or related to a Party's affairs. The receiving Party
acknowledges and agrees that in any proceeding to enforce this Agreement it will be presumed that
the Proprietary Information constitutes protectable trade secrets and that the receiving Party will
bear the burden of proving that any portion of the Proprietary Information was publicly or rightfully
known and disclosed by the receiving Party. The Parties, their employees, subsidiaries, affiliates,
agents, and assigns agree to hold all Proprietary Information, regardless of when or how disclosed,
in strict confidence and with not less than the same degree of care that they provide for their own
confidential and proprietary information. The Parties warrant and represent that the degree of care
contemplated herein is adequate and the Parties will take any and all steps reasonably necessary
to preserve such Proprietary Information.
B. Nothing in this Agreement shall prohibit or limit the receiving Party’s use of information that can be
demonstrated as: (a) previously known to the receiving Party, (b) independently developed by the
receiving Party, (c) acquired from a third party, not under similar nondisclosure obligations to the
disclosing Party, or (d) acquired through the public domain through no breach by the receiving
Party of this Agreement.
C. License. Client grants the Consultant a limited, nontransferable, nonexclusive license to copy,
use, store, set up, publicly display, publicly perform and transmit any trade names, trademarks,
service marks, copyrights, content, text, images, software, functionality, page and other design
and layout, media and other materials therein, solely in connection with the creation of the
phishing campaigns described in section 1.2C and in accordance with this Agreement. Other than as
specifically provided herein, the Parties, their employees, subsidiaries, affiliates, agents and
assigns, shall not disclose any Proprietary Information without the express written consent of the
other Party. Also, neither Party shall use the Proprietary Information for any purpose other than
purposes related to their business relationship as laid out in this Agreement. In the event that the
receiving Party is required by applicable law, rule, regulation or lawful order or ruling of any court,
government agency or regulatory commission to disclose any Proprietary Information, the receiving
Party understands that the disclosing Party may desire to seek an appropriate protective order or
take steps to protect the confidentiality of such Proprietary Information. Consequently, the
receiving Party agrees that it will provide the Disclosing Party with prompt notice of such
request(s).
D. Remedies. The Parties acknowledge that the Proprietary Information exchanged is valuable and
unique, and that disclosure in breach of this Agreement will result in irreparable injury to the
adversely affected Party, for which monetary damages, on their own, would be inadequate.
Accordingly, the Parties agree the adversely affected Party shall have the right to seek an
immediate injunction enjoining any such breach or threatened breach of the Agreement.
8 RETENTION OF RESULTS
A. Data will be stored encrypted and in a manner accessible only to the Consultant. If relevant, after
a period of one year, the Consultant will destroy all historical data that is no longer required and,
if requested, provide the Client with a certificate of destruction.
9 WARRANTY AND DISCLAIMER
A. Consultant warrants that Consultant’s Work will be provided in a workmanlike manner, and in
conformity with generally prevailing industry standard and Client’s reasonable requirements.
SUBJECT TO CONSULTANT'S FULFILLMENT OF ITS OBLIGATIONS UNDER THIS AGREEMENT, CONSULTANT WILL NOT
BE LIABLE FOR ANY LOSS OR DAMAGE CAUSED BY A DENIAL-OF-SERVICE ATTACK, UNIDENTIFIED VULNERABILITY,
VIRUSES OR OTHER TECHNOLOGICALLY HARMFUL MATERIAL THAT MAY INFECT THE CLIENT'S COMPUTER EQUIPMENT, COMPUTER
PROGRAMS, DATA NETWORK OR OTHER PROPRIETARY MATERIAL, EXCEPT TO THE EXTENT CAUSED BY NEGLIGENCE OF
OR WRONGFUL ACT BY CONSULTANT.
B. Consultant represents, warrants and covenants that it does currently, and will at all times during
the Term, operate its business and provide its services in accordance with industry standard
security practices, including, without limitation, the proper use and configuration of industry
standard anti-virus/anti-malware software.
10 LIMITATIONS OF REMEDIES
A. Client’s sole and exclusive remedy for any claim against Consultant with respect to the quality of
Consultant’s Work shall be the correction by Consultant of any material defects or deficiencies
therein, of which Client notifies Consultant in writing within 90 days after the completion of that
portion of Consultant’s Work, and Consultant shall fully correct all such material defects and
deficiencies to Client’s reasonable satisfaction within 10 business days following the date of such
notice; provided, that Client will be entitled to a full refund of all fees paid with respect to such
defective/deficient work if Consultant does not fully correct the same to Client’s reasonable
satisfaction within such 10-business-day period. In the absence of any such notice within such 90-day
period, Consultant’s Work shall be deemed satisfactory to and accepted by Client.
11 LIMITATIONS OF LIABILITY
A. In no event shall either party be liable for any loss of profit or revenue by the other party, or for
any other consequential, incidental or indirect damages incurred or suffered by such other party
arising as a result of or related to this Agreement, whether in contract, tort, or otherwise, even if
such party has been advised of the possibility of such loss or damages. Client further agrees that the
total liability of Consultant for all claims of any kind arising as a result of or related to this
Agreement, or to any act or omission of Consultant, whether in contract, tort, or otherwise, shall
not exceed an amount equal to the amount actually paid by Client to Consultant for Consultant’s
Work during the period preceding the date the claim arises, except for any claims arising from
Consultant’s gross negligence or wrongful acts, which shall not be subject to any limitation of
liability. Consultant shall indemnify and hold Client harmless against any claims by third parties,
including all costs, expenses and attorneys’ fees incurred by Client, arising out of or in conjunction
with Consultant’s performance under or breach of this Agreement.
12 RELATIONS OF PARTIES
A. The performance by Consultant of its duties and obligations under this Agreement shall be that of
an independent contractor, and nothing herein shall create or imply an agency relationship
between Consultant and Client, nor shall this Agreement be deemed to constitute a joint venture or
partnership between the Parties.
13 EMPLOYEE SOLICITATION/HIRING
A. During the period of this Agreement and for 12 months thereafter, neither party shall directly or
indirectly solicit or offer employment to or hire any employee, former employee, subcontractor, or
former subcontractor of the other. The terms “former employee” and “former subcontractor” shall
include only those employees or subcontractors of either party who were employed or utilized by
that party during the Term.
14 NO GUARANTEE
A. The Consultant does not warrant or guarantee any specific level of performance or results. There is
no guarantee that indicators of compromise exist.
15 ENTIRE AGREEMENT
A. This Agreement is the final, complete, and exclusive Agreement of the Parties. No modification of
or amendment to this Agreement shall be valid unless in writing and signed by each of the Parties.
16 SEVERABILITY
A. If any provision of this Agreement shall be held to be illegal, invalid or unenforceable, such
provision shall be fully severable, and this Agreement shall be construed and enforced as if such
illegal, invalid, or unenforceable provision had never comprised part of this Agreement, the
remaining provisions of this Agreement shall remain in full force and effect.
17 ADJUSTMENT FOR INFLATION
A. The ongoing vulnerability scanning services fees rate set forth in section 3B above, shall be
increased yearly for inflation by a percentage amount equal to 2.5%.
18 HEADINGS
A. The headings used in this Agreement are for convenience only and shall not be used to limit or
construe the contents of this Agreement.
19 INTERPRETATION AND ENFORCEMENT
A. The parties understand and agree that the construction and interpretation of this Agreement are
governed by the laws of the State of Georgia. If either party must initiate legal action to enforce
this Agreement, the Parties agree that the proper venue for such action shall be the courts of the
State of Georgia.
By their signatures below, the Parties hereby understand and agree to all terms and conditions of this
Agreement.
JLA ENTERPRISE, LLC: Jake Gramm, CEO. Date: ________
CLIENT, LLC: Jim Halpert, CTO. Date: ________