
Chapter 2

Sources of Digital Liability

Learning Objectives:

  1. How to assess and protect against digital liability exposure.
  2. Business and legal reasons for concern about cyber risks.
  3. Common sources of risk and liability.
  4. Standards of reasonableness and tests of negligence.

Chapter Overview:

  1. This chapter outlines compelling business and legal reasons why organizations can no longer ignore cyber risks, or their consequences.
  2. This chapter provides an overview of how a company’s digital assets create liability exposure.
  3. This chapter provides insight into the difficulty of evaluating and protecting digital assets and the consequences of failure.
  4. This chapter serves as the foundation for understanding how to identify, qualify, and quantify risk of exposure to hackers and lawyers.

Chapter Outline:

  1. Introduction
  2. Assessing and Protecting Digital Assets
     A. Risk Assessment
        Case on Point: Hackers
        Case on Point: Lawyers
        Cyberbrief: Major Losses from Internal Intrusion
        Cyberbrief: Time to Hold Software Companies Liable
     B. Insufficient Protection Against Avoidable Losses
  3. Digital Liability Management
     A. Activities That Cause Digital Liability
        Figure 2.1 How Files are Created, Deleted, and Recovered
        Cyberbrief: Policies in Place
     B. Digital Liability: Post-1999
        1. Email-Borne Viruses
        2. “Dirty Laundry” Websites
        3. Self-Restraint
        Legalbrief: Twisting in the Wind of Potential Liability
     C. Damage Estimations
  4. Common Sources of Risk
     A. User Ignorance
        Cyberbrief: Hastily Drafted Electronic Documents
     B. Lack of Enforceable Policy
     C. Social Engineering
     D. Excessive Sharing
     E. Revealing Candor
  5. Factors Exacerbating Digital Liability
     A. Intractable Problems
     B. Lagging Practices
  6. Business and Legal Reasons for Concern
     A. Because of Zero-Tolerance Environments
        Figure 2.2 Components of a Third-Party Information Security Audit
     B. Because the Company’s Well-Being Is At Stake
        1. The Standard of Reasonableness
        2. Consequences When Reasonable Precautions Are Neglected
        Figure 2.3 Denial of Service Attack Launched by an Attacker Through Numerous Zombie Computers
        Cyberbrief: The Prudent Man Rule
     C. Because of Privileged Information
  7. Tests of Negligence
     Figure 2.4 Illustration of How the Goner Virus Was Able to Infect Computers

Chapter Summary:

There are no infallible security systems.

There are cost-effective methods and procedures that can significantly reduce exposure to cyber risks.

Failure to implement stringent cyber security effectively leaves corporate assets vulnerable to both hackers and lawyers.

Adoption of security techniques has been slow in commercial and governmental arenas.

The DLM is designed to facilitate the complete evaluation and comprehensive management of the risks inherent in a connected economy.

Teaching Suggestions:

This chapter addresses liability factors of computer use.

The instructor should emphasize the following ideas:

Computer assets create liability exposure—needless risk from the organization’s failure to take action—which can result in harm.

Management must take time to evaluate the value of data and then the financial impact on business operations if specific systems become unavailable or compromised.

An organization must know which assets require protection and the real or perceived threats against them.

Questions to ponder:

What is liability?

How can risks and exposure be assessed?

What is the outcome of exposed assets?

What is Digital Liability Management (DLM)?

What are some of the activities that cause digital liability?

What are common sources of risk?

What is social engineering?

What is the legal standard of reasonableness?

What is the economic model of marginal cost-benefit analysis?

Answers to End-of-Chapter Discussion Questions:

1. Hackers are motivated by economic or political gain, or by the thrill of seeing whether they can penetrate a system.

2. The probability of attack could be estimated by assessing the type of data/information being held and trying to determine whether it has value to hackers.

3. Information assets most likely to be exposed are those with a high level of financial value, those that are used by numerous users, and those that are of value to competitors.

4. If digital assets are compromised, large financial losses can occur or the company’s operations could be severely disrupted or shut down through legal action.

5. The Uniform Electronic Transaction Act (UETA) defines an electronic record or electronic document and provides legal protection against misuse.

6. An economic model of marginal cost-benefit analysis can be used to determine that the costs of safeguards do not exceed the benefits of those safeguards.

7. Products may not work as anticipated as they were not properly tested or do not fit the needs/wants of the organization. A thorough analysis of needs and product evaluation should be conducted prior to installation of a product.

8. This is one way of estimating damage costs. Other methods could include the time and cost of all users who are infected, plus downtime, which results in lost sales or services to the customer/client. This is, of course, difficult to measure accurately but should be considered to get a true estimate of cost.

9. All individuals whose addresses are in an address book could become infected and pass the virus on to other users. Any files or records used by any user could subsequently become infected and further propagate the virus to others using those same records.
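As an added worked example (not part of this instructor's manual or the textbook), the following Python combines the damage-estimation components of answer 8 with the marginal cost-benefit analysis of answer 6: it prices a single incident from infected-user time, downtime and cleanup, scales it to an annual expected loss, and then adopts candidate safeguards only while each one's marginal benefit exceeds its cost. All dollar figures, the incident frequency, the safeguard names and the per-safeguard `risk_reduction` fractions are constructed assumptions; the greedy selection against the remaining expected loss is one simple way to apply the marginal rule, not a method the chapter prescribes.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class IncidentEstimate:
    """Inputs for one incident, following the cost components named in answer 8."""
    infected_users: int
    hours_lost_per_user: float   # time each infected user cannot work
    hourly_cost_per_user: float  # loaded labour cost per hour
    downtime_hours: float        # hours a revenue-producing system is down
    revenue_per_hour: float      # sales or service revenue lost per hour of downtime
    cleanup_cost: float          # staff or contractor time to disinfect and restore


def damage_cost(inc: IncidentEstimate) -> float:
    """Estimated cost of a single incident: lost user time + lost sales + cleanup."""
    lost_productivity = inc.infected_users * inc.hours_lost_per_user * inc.hourly_cost_per_user
    lost_sales = inc.downtime_hours * inc.revenue_per_hour
    return lost_productivity + lost_sales + inc.cleanup_cost


def annual_expected_loss(single_loss: float, incidents_per_year: float) -> float:
    """Expected loss per year = cost of one incident x expected number of incidents."""
    return single_loss * incidents_per_year


@dataclass(frozen=True)
class Safeguard:
    name: str
    annual_cost: float
    risk_reduction: float  # assumed fraction of the *remaining* expected loss this control removes


def select_safeguards(expected_loss: float, candidates):
    """Marginal cost-benefit selection.

    Repeatedly adopt the candidate whose marginal benefit (reduction of the still
    unmitigated expected loss) exceeds its cost by the widest margin; stop as soon
    as no remaining candidate pays for itself. Returns the adopted safeguards and
    the residual expected loss that is cheaper to accept than to mitigate.
    """
    remaining = expected_loss
    adopted = []
    pool = list(candidates)
    while pool:
        best = max(pool, key=lambda s: remaining * s.risk_reduction - s.annual_cost)
        marginal_benefit = remaining * best.risk_reduction
        if marginal_benefit <= best.annual_cost:
            break  # the next control would cost more than the loss it prevents
        adopted.append((best.name, marginal_benefit, best.annual_cost))
        remaining -= marginal_benefit
        pool.remove(best)
    return adopted, remaining


# Constructed sample figures (not from the book): a mail-borne virus outbreak.
SAMPLE_INCIDENT = IncidentEstimate(
    infected_users=200, hours_lost_per_user=4.0, hourly_cost_per_user=50.0,
    downtime_hours=8.0, revenue_per_hour=5000.0, cleanup_cost=10000.0,
)
SAMPLE_INCIDENTS_PER_YEAR = 2.0

# Constructed candidate controls with assumed costs and effectiveness.
SAMPLE_SAFEGUARDS = [
    Safeguard("attachment filtering at the mail gateway", 15000.0, 0.5),
    Safeguard("user awareness training", 8000.0, 0.3),
    Safeguard("endpoint antivirus with managed updates", 20000.0, 0.4),
    Safeguard("24x7 outsourced monitoring", 150000.0, 0.6),
]


def run_example():
    """Price the sample incident, annualise it, and pick the safeguards that pay for themselves."""
    loss = damage_cost(SAMPLE_INCIDENT)
    ale = annual_expected_loss(loss, SAMPLE_INCIDENTS_PER_YEAR)
    adopted, residual = select_safeguards(ale, SAMPLE_SAFEGUARDS)
    return loss, ale, adopted, residual


if __name__ == "__main__":
    loss, ale, adopted, residual = run_example()
    print(f"single incident: ${loss:,.0f}   annual expected loss: ${ale:,.0f}")
    for name, benefit, cost in adopted:
        print(f"  adopt {name}: prevents ${benefit:,.0f}/yr for ${cost:,.0f}/yr")
    print(f"residual expected loss accepted: ${residual:,.0f}/yr")
```

With the constructed figures the first three controls are adopted in order of net benefit and the expensive monitoring service is rejected, because by the time it is considered the remaining expected loss it could reduce is far smaller than its price; the residual figure is the risk the organization accepts rather than mitigates, which is exactly the "costs of safeguards do not exceed the benefits" test of answer 6.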
