Firewalls: Due Diligence (was: Busting sysadmin, not crackers)

Firewalls
(March 1998)

Indexed By Thread: [Previous] [Next]

Subject:	Due Diligence (was: Busting sysadmin, not crackers)
From:	Roger Marquis <marquis @ roble . com>
Date:	Sat, 14 Mar 1998 10:02:56 -0800 (PST)
To:	Firewalls @ GreatCircle . COM
In-reply-to:	<199803132347 . PAA14982 @ honor . greatcircle . com>
Reply-to:	Roger Marquis <marquis @ roble . com>

Emmanuel Gadaix, wrote:
> What would you think of the following: let's pass some law that force the
> sysadmin of a site to comply with some security standards. Let's have
> fines for sites that are broken into. 

If you deal with government information assets there already is such a
law.  The EEA (Economic Espionage Act) requires due diligence with regards
to safeguarding intellectual property.  At least that's how the law was
explained at NetSec (CSI) seminars last year.  Looking through the EEA
documentation available on the web however doesn't turn up any specific
references to due diligence. 

Roger Marquis
Roble Systems Consulting
http://www.roble.com/consulting

Indexed By Date	Previous:	Commercial Automated reporting tools From: mht @ clark . net
Indexed By Date	Next:	Re: Busting sysadmin, not crackers (was: Pentagon Hackers Caught!) From: "Douglas M. MacFarlane" <madmac @ mcs . net>
Indexed By Thread	Previous:	Commercial Automated reporting tools From: mht @ clark . net
Indexed By Thread	Next:	testing firewalls From: "Mike" <forest_stranger @ email . msn . com>