PRO+ Premium Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
January 2003

Security liability: Who's to blame for a data security breach?

It's 4 a.m., and the last person you want to hear from is the security watch leader at your hosting firm. It seems that after last night's upgrades, one of your servers started sending unusual ICMP packets off to Korea. Protocol is: call you. So now the baby is crying, your spouse is fuming, and you're stomping around looking to take a strip out of someone's hide. But whose hide? Who's responsible for the breach? Liability for security vulnerabilities and exploits isn't easy to assign, according to the Information Security survey. We asked who should be held most responsible for security incidents, giving survey respondents six choices: Hardware/Software Developers Service Providers Deploying Organization Users Perpetrators/Attackers Other Not surprisingly, respondents assigned the most responsibility to perpetrators of the incident (30 percent)--the hackers, crackers and script-kiddies who exploit an identified flaw (see Figure 4). But those surveyed weren't shy about spreading the blame around. Runners-up in the blame game ...

Access this PRO+ Content for Free!

Features in this issue

Columns in this issue