Unformatted text preview: d law enforcement develop and refine their respective approaches to computer crimes, so too must corporations. Corporations should develop
not only their preventive, detective, and corrective approaches, but also their liability
and responsibility approaches. As these crimes increase in frequency and sophistication, so do their destruction and lasting effects. In most cases, the attackers are not
caught, but there is plenty of blame to be passed around, so a corporation needs to take
many steps to ensure that the blame and liability do not land clearly at its doorstep.
The same is true for other types of threats that corporations have to deal with today.
If a company has a facility that burns to the ground, the arsonist is only one small piece
of this tragedy. The company is responsible for providing fire detection and suppression systems, fire-resistant construction material in certain areas, alarms, exits, fire extinguishers, and backups of all the important information that could be affected by a
fire. If a fire burns a company’s building to the ground and consumes all the records
(customer data, inventory records, and similar information that is necessary to rebuild
the business), then the company did not exercise due care to ensure it was protected
from such loss (by backing up to an offsite location, for example). In this case, the employees, shareholders, customers, and everyone affected could successfully sue the company. However, if the company did everything expected of it in the previously listed
respects, it could not be successfully sued for failure to practice due care (negligence).
Figure 10-1 illustrates the results of a real-world story where a company was found
guilty of negligence and fraud.
In the context of security, due care means that a company did all it could have reasonably done, under the circumstances, to prevent security breaches, and also took
reasonable steps to ensure that if a security breach did take place, proper controls or
countermeasures were in place to mitigate the damages. In short, due care...
View Full Document