Interesting Article: Computer Security Experts Jailed for Failure to Prevent Hack

Two Computer Security Experts Jailed for Failure to Prevent Hospital Hack » ActiveResponse.org

When I first saw the original news story, I thought the "Jury" had lost their mind but figured the verdict would be appealed and didnt give it more than a 2nd thought. In this light, the implications hit close to home and the verdict is setting a dangerous precedent not just in criminal but civil litigation too.

Could you imagine your company coming after your paycheck, 401k and savings because while you did your due diligence, mitigated or accepted the risks you still got hacked in a manner you didnt expect? What about being criminally charged for it?

Dont get me wrong, we do have laws in place that allow for persecution for gross negligence but even then they generally hold the company (not the individual) responsible for the negligence and this certainly doesnt sound like negligence to me...

For those of you interested, here's the original article:
BBC News - L'Aquila quake: Italy scientists guilty of manslaughter

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

steve13ad

"This is, of course, a fictitious story based on a real case of the jailed Italian scientists who were convicted of failing to effectively communicate the risk of a major earthquake. 300 people died in that earthquake. As they say, hindsight is 20/20. Looking back one could easily say that the earthquake was imminent given the signs."

Roguetadhg

Well, I'd say the italian case is messed up, for one. Earthquakes can't be predicted at the current time. Faults slip, bump, push.. it's constant. I hope whomever is looking after Yellowstone knows when that volcano erupts, to the day.

In the same light, there's only so much that can be done when it comes to defending a network. Zero-Day attacks, for one are particularly difficult as they're unknown and undiscovered. There's a reason why hackers sell exploits to the highest bidder... It's why White Hats Vs Black Hats will generally be a cat and mouse game. Not to mention the risk assessments could devalue X. Meaning employers would look at the assessment and figure "It's not worth it" and just accept the chance.

I would hope that any IT specialist for Security takes his/her job seriously and professionally tries to uphold ethics that would demand them to do the best with what they have.

/soapbox.