Ads by TechWords

See your link here
Receive the latest technology news and information.
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Avoiding downstream liability

November 4, 2004 12:00 PM ET

Computerworld - We've seen it before: innocent and unsuspecting organizations that have their networked computers hijacked for use as pawns in attacks against other companies' networks.
But what about when such hijacking can be averted? Is it the middleman's responsibility to prevent further dispersal of attacks? When a hacker sends a virus and/or infiltrates a system and then uses that system to break into or infect other systems, does it result in potential liability for the victim? Downstream liability is recognized as failure to secure, warn and prevent such propagation.
If your organization's computer systems are infected with a virus that's further dispersed by your employees, are you liable for damages that result? You can be if your organization was made aware of the virus's presence, for instance, if a savvy staffer runs antivirus software and discovers it or if you're notified by one of the recipients of your infected e-mail. This awareness may cause your organization to be receive blame indirectly.
Once a user or an organization is made aware that its system has been made the pawn in furthering the spread of a virus or infiltration (through being hijacked), it could become a target of legal action for having had a hand (even though not intentionally) in spreading the virus.
Certainly, an organization is negligent if it's notified that its system is being used as a launch pad for spreading a known virus and doesn't take steps to prevent further infections. While the virus writer is the one directly responsible for creating such viruses, the organizations suffering losses can be held liable for the resulting damage. An organization is more apt to have assets and resources from which litigants may recoup damages, as opposed to a hacker, who is more likely an adolescent or someone with few assets.
Aside from the ethical concerns connected with downstream liability, organizations must take into account their legal obligation to keep their systems secure. Depending upon the state in which the organization is located, there may be laws governing statutory requirements, liability avoidance and legal facilitation of prosecution for unauthorized access and use.
In an effort to protect themselves against such liability, organizations have to use appropriate antivirus defenses. With liability decided at the state level, organizations are left in a quandary, since downstream attacks can happen virtually anywhere across connected systems, without regard to traditional boundaries or borders.
In short, an organization's information systems must be kept secure, not only from a legal standpoint, but for their commercial dealings as well.

Read more about security in Computerworld's Security Knowledge Center.



Jump to comments

Security

Additional Resources

EFD vs. HDD - What You Need to Know
WHITE PAPER
Enterprise flash drives provide a new Tier 0 storage layer capable of delivering high I/O performance at a very low latency. Proper use of EFDs in an Oracle environment can deliver increased performance compared to fibre channel drives. Read the recommendations for identification of the best DB components for EFDs.
Gartner Research Report: Magic Quadrant for Application Delivery Controllers, 2009
WHITE PAPER
The market for products to improve the delivery of application software over networks remains dynamic and innovative. Vendors focused on solving enterprises' most-pressing application problems have become the top players.
Eight Criteria for Server Load Balancing
WHITE PAPER
Server load balancers are a simple yet highly effective means to scale an application environment while ensuring its availability. Today's solutions should also address application performance and security. Read about the top eight criteria you should consider when choosing a server load balancer and how Citrix NetScaler meets those requirements.

White Papers & Webcasts

Death to PST Files
Download Now  

Web 2.0, Social Media and the Dark Web - A Web Criminals Paradise?
In this discussion, learn about the challenges of protecting your users from the potentially unsafe content hidden in the "Dark Web".

eGuide: Enterprise Security
Smart Security Strategies for 2010. Read now!  

Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...


IT Jobs