Liability and Computer Security: Nine Principles
نویسنده
چکیده
The conventional wisdom is that security priorities should be set by risk analysis. However, reality is subtly different: many computer security systems are at least as much about shedding liability as about minimising risk. Banks use computer security mechanisms to transfer liability to their customers; companies use them to transfer liability to their insurers, or (via the public prosecutor) to the taxpayer; and they are also used to shift the blame to other departments (“we did everything that GCHQ/the internal auditors told us to”). We derive nine principles which might help designers avoid the most common pitfalls.
منابع مشابه
Software Security and Liability
The abundance of flawed software has been identified as the main cause of the poor security of computer networks since major viruses and worms have been exploiting the vulnerabilities of such software. As an incentive mechanism for software security quality improvement, software liability has been intensely discussed among computer scientists, jurists, and policy makers for a long time. In this...
متن کاملRisk management in the sphere of state economic security provision using professional liability insurance
This study contains a comprehensive scientific analysis of modern problems of risk management in the sphere of state economic security provision using professional liability insurance. The elements of the mechanism for providing economic security are defined, namely: subjects, objects, and instruments of influence. It is stipulated that insurance is the means to provide state economic security....
متن کاملLaw Enforcement; a Function of Criminal Liability or Civil Liability
Despite the fact that in investigations and legal writings enough consideration has been paid to the founding principles and rules governing civil and criminal liability as well as damages of crime, the legal or disciplinary responsibility accompanying these two types of legal responsibilities has not been taken seriously into account and the people involved it - in particular, the authorities ...
متن کاملVaccine liability in the era of bioterrorism.
THIS PAPER ANALYZES Section 304 of the Homeland Security Act of 2002,1 as amended in April 2003,2 which sets forth liability protection for participants in the current national smallpox vaccination program.3 It explains to nonlawyers the state of liability protection as it stands in mid-2003. Section 304 (or “the Homeland Security Act” or “the Act”) has been controversial since its enactment—in...
متن کاملConfidential Business Information in Jurisprudence and Iranian law
As a result of information technology era and possibility of swift access to information, endorsement of Confidential Business Information (CBI) has found an extraordinary importance; whereas the CBI concept and legal warranty in order to support it thoroughly in Iran is not emphasized in the framework of a specific law. This issue has led to legal problems in the trial with allegation of CBI v...
متن کامل