IT Security - make sure you exercise due care
Article: "Fighting Back, Legally"
The trend in law is to hold organizations accountable for their own IT security weaknesses, warns Ben Wright, a Dallas-based attorney specializing in computer crime and a SANS instructor.
This is particularly the case with Internet service providers, says Wright. For example, in 2003, a Maine court forced Verizon Communications Inc. to rebate many of its customers for outages experienced during the outbreak of the Slammer worm. Verizon had not "exercised due care" to protect against the Slammer worm, according to the court.
"Due care can be helpful if you can show a court that you did this," he says. "But the fundamental step is to have a written security policy, followed by logs that showed you followed the policy [during the incident]."