Firewall Wizards mailing list archives
Re:
From: roger nebel <roger () homecom com>
Date: Tue, 24 Aug 1999 20:11:11 -0400
Ty,

i am unaware of any legislation, regulation, or precedence which holds service providers liable for anything not specifically worded in the contract...thus in general, liability is limited to what's in the service contract, period. (or not in the contract - we did work for a super-regional bank a while back who outsourced all their various web sites to numerous hosting firms, in fact they still do, and the contracts stated that the bank was responsible for determining if there was adequate security! the hosting firm was in effect exempt, and had numerous exploitable vulnerabilities to boot.)

having said all that, the financial regulators (ffiec, fdic, occ, ots, ncua, etc.) require their regulated industries to conduct due diligence on the security of their service providers (SAS 70 audits for example) as part of their safety and soundness assessment.

--roger

"Mellon, Ty" wrote:
Hello, everyone.

I am looking for information on regulation, statutes, etc., that address a company's liability when providing a service without adequate security. For example, a Web-hosting company is hosting multiple commerce servers for third-party companies. Does anybody have any idea of the liability incurred by the Web Hosting company should the servers' integrity be compromised and any financial losses occur?

Any resources, (links, whitepapers, etc...) would be greatly appreciated!

Thanks!

Ty Mellon
Account Manager - Active Security, Network Associates, Inc.
* Voice: (800)338-8754x7918
* Fax: (972)855-2664
* Email: ty_mellon () nai com
www.nai.com
http://www.nai.com/activesecurity/
Gauntlet Firewall - Virtual Private Networks(VPN) - PGP (encryption) - CyberCop Scanner (Vulnerability & Risk Assessment) - CyberCop Monitor (Real-time Intrusion Detection)
Who's Watching Your Network?