Fowarded from: Sheri Moreau <firstname.lastname@example.org> > Forwarded from: Marjorie Simmons <email@example.com> > > What if the organization for which you work, and for which you are > the primary or sole information security person, (or are the > consultant that designed the systems security), suffers a security > breach, and the US federal government decides that the breach was > accomplished by terrorists, and that you are the primary at-fault > person, and they arrest you because, to them, it looks like you may > have helped? (Don't forget the contemporary lawmaking that makes > hacking a terrorist act -- though the 'terrorist' may be a > 12-year-old from Lincoln, Nebraska.) Would you call your lawyer? We've had this discussion before; it's a philosophical question that doubtless puzzled King Solomon. If you leave your car door unlocked and your laptop on the seat, and a thief takes it, who's culpable? Temptation is a crime worthy of the death penalty in some countries... (think: chador) What will the (1) police (2) lawyers/judge (3) insurance company say about your laptop loss? Sure, there was a theft, but sheesh--you were practically asking for it (2 out of 3 will probably say this, and 3/3 will think this, yes?). Does the age of the thief matter? What about the thief's intent? Was your laptop a target of opportunity, or a targeted acquisition by a corporate spy? Scenarios for conjecture: 1. You leave the door unlocked and the laptop in clear view on the seat and a thief takes it 2. You leave the door unlocked and stuff the laptop behind the seat and a thief takes it 3. You lock the door and hide the laptop in the trunk and a thief prys up the trunk lid, or breaks a window and pushes the trunk release button and takes the laptop 4. You get real tired of replacing laptops, so you lock the door (or maybe not) and hide a fake laptop in the trunk with an explosive paint device that allows you to track the unauthorized intruder. and so forth. It's been said before: Security is everyone's responsibility. Protect your interests. My two cents. Sheri firstname.lastname@example.org - ISN is currently hosted by Attrition.org To unsubscribe email email@example.com with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed May 22 2002 - 04:29:47 PDT