The items below come from the SANS Institute NewsBites newsletter, February 5, 2003.
They suggest that companies that pay more attention to security are going to avoid Slammer-like problems better than those that don't. That means a company's behavior can be characterized as negligent, reckless, or reasonable, and lawyers will be able to fit that behavior into traditional negligence tort law forms. It's likely that a person harmed by a company's failure to take reasonable preventive measures will successfully sue that company: one that possessed data that was stolen, for example, or one whose computer failure caused some other harm.
Companies don't seem to be taking that into account in doing risk-reward calculations about network security. Get insurance. Take steps to protect networks. Legal liability is coming.
--FAA Security Practices Helped Fend off Slammer
(28 January 2003)
The Federal Aviation Administration (FAA) came through Slammer
relatively unscathed: only one administrative server was compromised.
FAA CIO Daniel Mehan credited his agency's cyber security strategies,
which include keeping current on patches, providing regular training
for employees, isolating mission-critical flight control computers
from web-connected machines, using firewalls and conducting regular
internal security audits. The FAA is also working with some vendors
on building security into their products.
http://www.idg.net/ic_1041353_9676_1-5123.html
--FAA CIO Mehan Interview
(31 January 2003)
In an interview, Federal Aviation Administration (FAA) CIO Dan Mehan
discussed the need for developers to integrate security into the
design of their products and the FAA's policy on wireless technologies.
http://www.computerworld.com/securitytopics/security/story/0,10801,78060,00.html
--Missing Hard Drive Contains Data that Could be Used in Identity Theft
(30 January 2003)
The Royal Canadian Mounted Police (RCMP) and the Regina (Saskatchewan)
Police Service are investigating the disappearance of a computer hard
drive that contains personal information belonging to 180,000 customers
of Co-operators Life Insurance Company; the information could be used
to steal people's identities. Co-operators' customers have been sent a
letter describing the situation. ISM Canada, the company that stored
the data, says other clients' data is also on the disk.
http://www.thestar.com/NASApp/cs/ContentServer?pagename=thestar/Layout/Article_Type1&c=Article&cid=1035777205819&call_pageid=968332188492&col=968793972154
http://www.theregister.co.uk/content/55/29117.html
--Take Steps to Protect Databases, Warn Lawyers
(30 January 2003)
Lawyers in the UK are warning companies to take steps to better protect
their databases after two incidents of attempted data theft were
reported recently. The databases may have been targeted to harvest
e-mail addresses for mass mailings. The lawyers say companies should
document the steps they take to secure the data and develop disaster
plans that can be implemented in the case of an attack.
http://www.vnunet.com/News/1138363
9:46:55 AM