Network Security as a “Legal Issue”
Organizations are expected to exercise “reasonable care” to ensure that they protect assets
on their networks and to ensure that their network resources are not used against others.
Consider the following scenario: An employee of Company X uses his computer (without
authorization) to scan the Internet and eventually finds a server that belongs to Company Y
that he is able to take control of using a documented exploit. The employee then uses that
server to break into the database server at Insurance Company Z and steal the medical
records of a celebrity that contain very sensitive and potentially damaging personal
information. The stolen information is later distributed to the public. Who is responsible? Of
course, the employee is ultimately responsible but probably lacks the financial resources that
make it worthwhile for the celebrity to seek legal recourse. However, companies X, Y, and Z
will all likely become involved in legal action as a result of this theft.