Frank,

You shouldn't focus your efforts on insurance, but on stressing to your clients the risk element of security. How much money do they want to spend on lowering the risk? You will never ever get a completely secure site/implementation, and if your clients are under any impression of this then you probably need to put more work into explaining this to them.

Your role is to explain what measures can reduce risk, not how to prevent them from being compromised. At the end of the day it is their fault if they get compromised because they probably weren't prepared to spend the cash to eliminate the risk in the area in which they were compromised.

However, if you tell them that a Windows 98 client is a reliable firewall, then I guess that you could be asking for it!!

Is this view controversial? I hope not!!

Cheers,

Joe Dauncey
j_daunceyat_private

----- Original Message -----
From: Frank Pawlak <FPAWLat_private>
To: <firewall-wizardsat_private>
Sent: Friday, October 15, 1999 7:45 PM
Subject: InfoSec Consultant Liability Question

> I am considering entering the InfoSec field as an independent consultant. My question is what kind of legal liabilities are generally encountered during the course of work? Is there insurance available, like a type of malpractice insurance?
>
> I understand that systems can not be made 100% secure, and that knowledge transfer can be made to the client. But, there remains the possibility that if a network is compromised, the client may litigate for damages, etc.
>
> Any advice or pointers are most welcome. My thanks in advance.
>
> Frank Pawlak

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:46:45 PDT