This page is a continuation of https://www.ustech.ninja/terms-of-services-and-hiring/ please see that page for definitions.
1. Scope of Services
- For Clients Under a Support Plan: This engagement includes comprehensive cybersecurity assessment services, which may involve invasive testing activities such as accessing client systems with provided credentials, vulnerability scanning, penetration testing, and social engineering simulations. These assessments aim to thoroughly evaluate and enhance the client’s security posture.
- For Prospective Clients: This engagement includes non-intrusive cybersecurity demonstrations, such as uncredentialed vulnerability scans and social engineering simulations. While credential collection may occur to demonstrate potential vulnerabilities, these credentials will not be used to access any systems.
2. Nature of Testing
- For Clients Under a Support Plan: Testing may involve direct access to systems using provided credentials or previously granted access. These activities will be conducted to identify and remediate potential vulnerabilities comprehensively.
- For Prospective Clients: Testing will be limited to non-intrusive, uncredentialed scans, and simulations designed to identify vulnerabilities without accessing client systems. Credential collection during social engineering exercises is purely demonstrative and will not result in unauthorized system access.
3. Data Collection, Privacy, and Confidentiality
- For All Participants: Any data collected, including but not limited to credentials or system information, will be securely stored and used exclusively for assessment and reporting purposes. Provider commits to maintaining the privacy and confidentiality of all information collected.
- Client-Specific Data Handling: Data collected from clients under a support plan may be used to perform detailed security assessments, and findings will be shared with the client to facilitate security improvements. Data from prospective clients will be used solely for the purpose of demonstrating vulnerabilities, and any collected credentials will not be used for accessing systems.
4. Post-Assessment Reporting
- For Clients Under a Support Plan: Following completion of the assessments, Provider will provide detailed reports including findings, vulnerabilities identified, and tailored recommendations for improving security.
- For Prospective Clients: A summary report will be provided, detailing general findings and highlighting potential vulnerabilities based on the non-intrusive tests conducted. This report will not include specific details that could facilitate unauthorized access or pose a security risk.
5. Client Acknowledgement and Responsibilities
- For All Participants: Participants acknowledge that the purpose of these cybersecurity assessments is to identify vulnerabilities and improve security awareness. The client or prospective client is responsible for taking necessary steps to address any vulnerabilities identified during the engagement.
- Liability Limitation: By engaging in these assessments, all participants agree to indemnify Provider from any liability resulting from the identified vulnerabilities or simulated attacks.