November 4, 2004 (Computerworld) --
We've seen it before: innocent and unsuspecting organizations that have their networked computers hijacked for use as pawns in attacks against other companies' networks. But what about when such hijacking can be averted? Is it the middleman's responsibility to prevent further dispersal of attacks? When a hacker sends a virus and/or infiltrates a system and then uses that system to break into or infect other systems, does it result in potential liability for the victim? Downstream liability is recognized as failure to secure, warn and prevent such propagation. If your organization's computer systems are infected with a virus that's further dispersed by your employees, are you liable for damages that result? You can be if your organization was made aware of the virus's presence, for instance, if a savvy staffer runs antivirus software and discovers it or if you're notified by one of the recipients of your infected e-mail. This awareness may cause your organization to be receive blame indirectly. Once a user or an organization is made aware that its system has been made the pawn in furthering the spread of a virus or infiltration (through being hijacked), it could become a target of legal action for having had a hand (even though not intentionally) in spreading the virus. Certainly, an organization is negligent if it's notified that its system is being used as a launch pad for spreading a known virus and doesn't take steps to prevent further infections. While the virus writer is the one directly responsible for creating such viruses, the organizations suffering losses can be held liable for the resulting damage. An organization is more apt to have assets and resources from which litigants may recoup damages, as opposed to a hacker, who is more likely an adolescent or someone with few assets. Aside from the ethical concerns connected with downstream liability, organizations must take into account their legal obligation to keep their systems secure. Depending upon the state in which the organization is located, there may be laws governing statutory requirements, liability avoidance and legal facilitation of prosecution for unauthorized access and use. In an effort to protect themselves against such liability, organizations have to use appropriate antivirus defenses. With liability decided at the state level, organizations are left in a quandary, since downstream attacks can happen virtually anywhere across connected systems, without regard to traditional boundaries or borders. In short, an organization's information systems must be kept secure, not only from a legal standpoint, but for their commercial dealings as well.
From Laggard to Leader: Transforming the Data Center
From Laggard to Leader: Transforming the Data Center Register for this complimentary live webcast today! Go to the webcast
Computerworld Executive Bulletin: Building a Robust Antivirus Defense
Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs. (Source: MessageLabs) Antivirus software alone isn't enough to prevent today's speedy, sophisticated virus attacks. Security managers should consider multitiered approaches that include behavior scanning, appliances that check e-mail for worms, and restricting user access to dangerous Web sites. Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs, to learn more. Download this executive briefing
Online Security Issues in Regulated Industries
Download this research paper, free for a limited time, compliments of Webroot! (Source: Webroot Software) In June 2008, Computerworld invited IT and business leaders to participate in a survey on online security initiatives at their organizations. The goal of the survey was to better understand Web and e-mail security issues faced today within the regulated education, financial services, government and health care industries. The following report represents top-line results of that survey. Download this white paper
White Papers
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
Security Management Zone
Security management is the process of developing a comprehensive data protection plan. It takes into account all potential threats, the existing network environment, the future needs of the organization, and lays out a multi-tiered blueprint to integrate the security technology needed to combat these threats. CDW can help keep your network and data secure.
Visit the CDW Security Management Zone nowSee All Zones
Fired up about IT?Join Sharkbait and share your true tales of IT. SharkBait is the place for you to sound off about everything IT the good, the bad, and the rest of the weird stuff you deal with every day.
In Security Stripping away the trappings of applications, systems and networks, information is the core asset of most organizations. Our columnist describes how asserting the importance of information governance is crucial to making that asset tangible, addressable and protected.
Click here to read the latest column by Jon Espenschied