Firewall Wizards mailing list archives
Re: InfoSec Consultant Liability Question
From: "Joe Dauncey" <j_dauncey () hotmail com>
Date: Fri, 29 Oct 1999 12:54:41 +0100
Frank,

You shouldn't focus your efforts on insurance, but on stressing to your clients the risk element of security. How much money do they want to spend on lowering the risk? You will never ever get a completely secure site/implementation, and if your clients are under any impression of this then you probably need to put more work into explaining this to them.

Your role is to explain what measures can reduce risk, not how to prevent them from being compromised. At the end of the day it is their fault if they get compromised because they probably weren't prepared to spend the cash to eliminate the risk in the area in which they were compromised.

However, if you tell them that a Windows 98 client is a reliable firewall, then I guess that you could be asking for it!!

Is this view controversial? I hope not!!

Cheers,
Joe Dauncey
j_dauncey () hotmail com

----- Original Message -----
From: Frank Pawlak <FPAWL () pcsentre com>
To: <firewall-wizards () nfr net>
Sent: Friday, October 15, 1999 7:45 PM
Subject: InfoSec Consultant Liability Question

I am considering entering the InfoSec field as an independent consultant.
My question is what kind of legal liabilities are generally encountered during the course of work? Is there insurance available, like a type of malpractice insurance?
I understand that systems cannot be made 100% secure, and that knowledge transfer can be made to the client. But there remains the possibility that if a network is compromised, the client may litigate for damages, etc.
Any advice or pointers are most welcome. My thanks in advance.

Frank Pawlak