Firewall Wizards mailing list archives

Re:


From: roger nebel <roger () homecom com>
Date: Tue, 24 Aug 1999 20:11:11 -0400

Ty,

i am unaware of any legislation, regulation, or precedent which holds
service providers liable for anything not specifically worded in the
contract...thus in general, liability is limited to what's in the
service contract, period.  (or not in the contract - we did work for a
super-regional bank a while back who outsourced all their various web
sites to numerous hosting firms, in fact they still do, and the
contracts stated that the bank was responsible for determining if there
was adequate security!  the hosting firm was in effect exempt, and had
numerous exploitable vulnerabilities to boot.) having said all that, the
financial regulators (ffiec, fdic, occ, ots, ncua, etc.) require their
regulated industries to conduct due diligence on the security of their
service providers (SAS 70 audits for example) as part of their safety
and soundness assessment.  

--roger

"Mellon, Ty" wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello, everyone. I am looking for information on regulation, statutes,
etc., that address a company's liability when providing a service
without adequate security.
For example, a Web-hosting company is hosting multiple commerce
servers for third-party companies.  Does anybody have any idea of the
liability incurred by the Web Hosting company should the servers'
integrity be compromised and any financial losses occur?  Any
resources, (links, whitepapers, etc...) would be greatly appreciated!
Thanks!

Ty Mellon
    Account Manager - Active Security, Network Associates, Inc.
* Voice: (800)338-8754x7918     * Fax:  (972)855-2664
* Email: ty_mellon () nai com
www.nai.com
http://www.nai.com/activesecurity/
Gauntlet Firewall - Virtual Private Networks(VPN) - PGP (encryption) -
CyberCop Scanner (Vulnerability & Risk Assessment) - CyberCop Monitor
(Real-time Intrusion Detection)
Who's Watching Your Network?

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5

iQA/AwUBN8K+p6Bda5ixDLy5EQKW4gCgtHvyiaU4fTWBhhhd88iqkNkeZQoAoPy4
6QlFbbmlZj1BfSHqkcvEWz30
=0V3Q
-----END PGP SIGNATURE-----
