Tsibouris & Associates Home | Practice Areas | Attorneys | Contact | Publications | Clients | Blog Home

Thursday, January 20, 2005

IT Security - make sure you exersise due care

Computer World article "Fighting Back, Legally":

The trend in law is to hold organizations accountable for their own IT security weaknesses, warns Ben Wright, a Dallas-based attorney specializing in computer crime and a SANS instructor.

This is particularly the case (PDF) with Internet service providers, says Wright. For example, in 2003, a Maine court forced Verizon Communications Inc. to rebate many of its customers for outages experienced during the outbreak of the Slammer worm. Verizon had not "exercised due care" to protect against the Slammer worm, according to the court.

"Due care can be helpful if you can show a court that you did this," he says. "But the fundamental step is to have a written security policy, followed by logs that showed you followed the policy [during the incident]."


Post a Comment

Subscribe to Post Comments [Atom]

<< Home