Why Due Diligence as a Defense is Not Enough
Source: net-security.org - Posted by Pax Dickinson   
Corporate executives love two words: “Due Diligence”. Unfortunately, this is only half of the formula for meeting the requirements under “Standard of Care”. It is startling that such a large percentage of these executives fail to grasp the concept of, and the legal liability imposed under, “Due Care”. Due care is the second half of the formula and is equally important, for without it the standard of care cannot be measured. Performing due diligence shows you where your risks lie; due care is acting on the requirements discovered under due diligence to protect against or mitigate exposure from those risks.

While businesses have invested in technologies such as firewalls, intrusion detection, and now intrusion prevention, we are all too familiar with FUD (Fear, Uncertainty, and Doubt). How many presentations have you attended in the last six months where a security service provider discusses “Code Red”, “Nimda” or “Slammer”? The most recent of these is now two years old. So why are we still discussing them? One word: “fear”.

Fear of what exactly? Some might respond with “Distributed Denial of Service (DDoS) attacks, identity theft, or the theft of intellectual property”, all of which occur. What are the odds of it happening to your company? Better than 60% of all US businesses face civil litigation at least once in the course of their operation. According to the FBI, approximately 85% of businesses surveyed in the United States last year reported a financial loss attributed to computer/cyber attacks. With decision makers’ core focus revolving around the types of attacks and whether they originated from the outside or from within, perhaps you should turn your focus to the ramifications after the attack rather than the attack itself.

Read this full article at net-security.org
