Information security work, from pentesting to auditing, incident response to forensics, can be plagued with legal risks.
Such work itself may be fraught with danger: servers knocked off line, sensitive data in the hands of the consultant and subject to subpoena, and even lawsuits by third parties.
The solution is to set clear "rules of engagement."
Read more