From: The SANS Institute (Webcasts_at_sans.org)
Date: Mon Feb 24 2003 - 17:51:34 CST

    You are invited to a fast-paced web-based briefing and discussion on
    Legal Liability for Security Breaches - and Minimum Standards of Due
    Care

    Date: Wednesday, February 26, 2003
    Time: 1 PM EST (1800 UTC)
    Register at: http://www.sans.org/webcasts/022603.php

    Program description
    Legal liability has long been a "future motivator" for improved security.
    The future has arrived. What can companies do to ensure they are meeting
    minimum standards of due care?

    Litigation and Laws
    A health care organization faces a class action lawsuit for inadvertent
    disclosure of personal information for 500,000 clients using an
    innovative theory of damages.

    A new law in California requires companies to tell customers when their
    name -- along with either their Social Security number, driver's license
    number or credit card or debit account number in combination with
    security or access codes -- has been accessed by an unauthorized person.
    When it goes into effect in July, attorneys will have a continuous
    stream of organizations as potential litigation targets.

    And there are more.

    Minimum Standards of Due Care

    More than 100 organizations, government and commercial, around the
    world, have joined forces to establish minimum security benchmarks for
    systems connected to the Internet. The US Department of Defense just
    published a study proving that systems configured using the benchmarks
    are free of more than 85% of all known vulnerabilities and are even
    protected from many newly discovered vulnerabilities.

    It is not unreasonable to expect courts to rely on these consensus
    benchmarks as one possible set of minimum standards of due care.

    The Speakers
    We are honored that the most respected private attorney on these matters
    has agreed to provide an update on the litigation and laws and to answer
    your questions. Mark Rasch was the head of the US Department of Justice
    Computer Crime and Intellectual Property Section and has, for nearly a
    decade, provided some of the most insightful and interesting analysis
    of trends in cyber law.

    Joining Mark is Hal Pomeranz, the top teacher of security hardening
    techniques, and one of the technical directors of the multinational
    effort to establish consensus on minimum standards of due care for
    security configurations.

    Alan Paller, research director of SANS, will moderate the session.
    The session sponsor is BindView.