Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > NFR Wizards> 1999-q3

NFR Wizards Archives: (no subject)

(no subject)

roger nebel (rogerhomecom.com)
Tue, 24 Aug 1999 20:11:11 -0400

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: Matt Dunn: "Re: FW: Web server route lost"
Previous message: Bill_Roydspch.gc.ca: "Re: FW: Web server route lost"

Ty,

i am unaware of any legislation, regulation, or precedence which holds
service providers liable for anything not specifically worded in the
contract...thus in general, liability is limited to what's in the
service contract, period. (or not in the contract - we did work for a
super-regional bank a while back who outsourced all their various web
sites to numerous hosting firms, in fact they still do, and the
contracts stated that the bank was responsible for determining if there
was adequate security! the hosting firm was in effect exempt, and had
numerous exploitable vulnerabilities to boot.) having said all that, the
financial regulators (ffiec, fdic, occ, ots, ncua, etc.) require their
regulated industries to conduct due diligence on the security of their
service providers (SAS 70 audits for example) as part of their safety
and soundness assessment.

--roger

"Mellon, Ty" wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello, everyone. I am looking for information on regulation, statutes,
> etc., that address a company's liability when providing a service
> without adequate security.
> For example, a Web-hosting company is hosting multiple commerce
> servers for third-party companies. Does anybody have any idea of the
> liability incurred by the Web Hosting company should the servers
> integrity be compromised and any financial losses occur? Any
> resources, (links, whitepapers, etc...) would be greatly appreciated!
> Thanks!
>
> Ty Mellon
> Account Manager - Active Security, Network Associates, Inc.
> * Voice: (800)338-8754x7918 * Fax: (972)855-2664
> * Email: ty_mellonnai.com
> www.nai.com
> http://www.nai.com/activesecurity/
> Gauntlet Firewall - Virtual Private Networks(VPN) - PGP (encryption) -
> CyberCop Scanner (Vulnerability & Risk Assessment) - CyberCop Monitor
> (Real-time Intrusion Detection)
> Who's Watching Your Network?
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 6.5
>
> iQA/AwUBN8K+p6Bda5ixDLy5EQKW4gCgtHvyiaU4fTWBhhhd88iqkNkeZQoAoPy4
> 6QlFbbmlZj1BfSHqkcvEWz30
> =0V3Q
> -----END PGP SIGNATURE-----

application/x-pkcs7-signature attachment: smime.p7s

Next message: Matt Dunn: "Re: FW: Web server route lost"
Previous message: Bill_Roydspch.gc.ca: "Re: FW: Web server route lost"

This archive was generated by hypermail 2.0b3 on Thu Aug 26 1999 - 09:27:17 CDT