General Cisco Security Question
Soondubu
Member Posts: 13
I keep hearing from coworkers and other Cisco associates that there is a heavy liability issue for Cisco Security Engineers. From what I'm told, a security engineer can be sued if the network they're responsible for is penetrated by a malicious entity. I've also heard that this isn't true from someone that is CCNP:S, but I just wanted to ask anyone out there that may have any input or an opinion. The reason why I ask is because I am considering going through the Cisco Security track myself. Thanks for any input you guys may have.
Comments
-
NetworkVeteran
Member Posts: 2,338
My title is not "Cisco Security Engineer" so I cannot answer from that perspective, but the claim sounds far-fetched. We are usually only financially responsible for the damages we cause or that we allow to be caused through gross negligence, barring an agreed upon contract stating the contrary. Even in roles where that's a serious worry of lawsuits involving damages--and I have been in such roles--a half-million to a million dollars of liability insurance doesn't cost so much as one might think, especially if one can demonstrate to the insurer that they are a professional taking reasonable precautions.
-
jasong318
Member Posts: 102
I work as a 'security engineer' and have never worried about, personally, being sued by a client. As long as I can show I used due care they would have a hard time proving negligence. I mean, if someone uses some 0day against them, how am I supposed to prevent that from happening (yes, yes, defense in depth and all that jazz)? That being said, my employer does carry insurance that covers this, but that is mainly one client practicing risk avoidance by transferring it to us. It is an interesting question though, I mean, no network is 100% secure. At what point can you say, I've done all I can do, you can't sue me now?
-
PhildoBaggins
Member Posts: 276
If you take your car to a mechanic, they change the oil and filter, then seal it all up 100%, and your car catches fire, it is really hard to prove it was the mechanic's fault.
Clients are going to blame the company, the company's CSMs will blame production, production leaders will blame engineers. Engineers will have to look at the aftermath and perform a post mortem. The same can be said for a Problem Manager if you're following ITIL.
I have only seen it once, maybe twice, in 10 years where negligence leads to some sort of legal battle, and in both instances (even though it was an individual's fault) the individual responsible no longer worked at the organization because, well, they performed less than satisfactory. By the time the incidents occur it's really the responsibility between the customer-facing leaders of your company and the decision makers and stakeholders of the client to determine who owns what and, AFTER mitigating any issues, how they will move forward from there.
You do take on more risk the higher you go. I am responsible for a lot of stuff as a Tier 3 Senior guy, but if anyone told me they were gonna sue me for something I designed 16 months ago I would tell them to go talk to their customer service rep.