Team 1 Sec4.1

From CyberSecurity
Revision as of 15:15, 21 October 2005 by Santtu

Santtu 08:15, 21 October 2005 (PDT)

Current incentives for defending against cyber attacks:

  1. Regulatory
    1. Gramm-Leach-Bliley Act
    2. Sarbanes-Oxley
    3. Stock exchange rules and regulations
  2. Contract law
  3. Bad press and loss of customer confidence due to attacks, which can make the company appear insecure.
  4. Cost of downtime in terms of lost business (cite numbers for $ per hour lost)
  5. Cost of downtime in terms of human and hardware resources required to repair
  6. Financial liability for effects of attack, such as covering for bad trades submitted by attacker


Notes on above:

The regulatory acts do not directly relate to critical information technology infrastructure, since they deal mostly with the protection of customers' private information. Even though protecting private information requires attention to computer crime defenses, the actions needed to protect private information do not cover all computer crime. For example, if Merrill Lynch's trade system were hacked, the attacker could wreak plenty of damage on the financial markets without accessing any private customer information.

Most laws related to computer crime currently deal with punishing attackers rather than forcing targets to protect themselves from attacks.