SecurityArena

Guide to Practical Info Security!

CBK Law, Investigations & Ethics
Written by Administrator   
Saturday, 13 June 2009 14:40

Legal Responsibilities and Implications

Due Diligence

Due diligence means that the company properly investigated and assessed all of its possible weaknesses and vulnerabilities in order to truly understand its actual risk level.

Due Care

Due care means that a company did all that it could reasonably have done, under the circumstances, to prevent security breaches, protected its resources and employees, and also took reasonable steps to ensure that, if a security breach or incident did take place, proper controls or countermeasures were in place to mitigate the possible damage.

Prudent (careful) man rule

To perform the duties that prudent people would exercise in similar circumstances. In the case of a security incident, before reaching a decision, a court will try to establish the following:

  • Whether, like a prudent organization, this organization carried out an exercise to ascertain its true risk level (due diligence).
  • Whether the organization thereafter put in place all the appropriate safeguards needed to protect the company’s mission (due care) by protecting its tangible and intangible resources, reputation, employees, customers, shareholders, and legal position.
  • Senior management has an obligation to behave in a prudent manner, thereby protecting the company from the various actions that can negatively affect it, including protection from malicious code, natural disasters, privacy violations, infractions of the law, etc.

Downstream liabilities

When companies come together to work in an integrated manner, special care must be taken to ensure that each party promises to provide the necessary level of protection, liability and responsibility; these obligations should be clearly defined in the contracts that each party signs.

Legally recognized obligation

There is a standard of conduct expected of every company to protect all others from unreasonable risks emanating from its activities. A company’s obligation is legally recognized if it fails to conform to this standard, thus resulting in injury or damage to another company or person.

Proximate causation

Proximate causation is established if someone can prove that the damage that was caused was the company’s fault.

Last Updated on Friday, 28 August 2009 05:07