Corporate Officers And Directors Need To Take Responsibility For Securing Corporate Information Assets, Report Says.Business Editors/High-Tech Writers REDWOOD CITY Redwood City, city (1990 pop. 66,072), seat of San Mateo co., W Calif., on San Francisco Bay; inc. 1868. Manufactures include commmunications, electrical, electronic, and medical equipment. , Calif.--(BUSINESS WIRE)--July 30, 2001 Recourse Technologies(TM) Report, Written by Tech Industry Legal Expert, Finds Evidence That Directors/Officers Can be Held Liable for Loss of Data Due to Hacking Corporate officers and directors are legally responsible--and potentially liable--for the protection of a company's information systems and corporate data, according to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. a study made available today by Recourse Technologies(TM), Inc., the leader in network security threat management systems. The report, written by Daniel J. Langin, a respected technology industry attorney and cyber-security legal expert, concludes that companies, their officers, and their boards of directors are vulnerable to lawsuits due to the growing number of statutes and business contracts requiring adequate IT data protection, as well as case law established in related legal territory. Entitled "Out of the NOC (Network Operations Center) A central or regional location for monitoring a large network. Also called a "network management center" (NMC), "service management center" (SMC) or "network control center" (NCC), a NOC may be used to manage a large enterprise network, (a) and Into the Boardroom: Director and Officer Responsibility for Information Security," the paper lays out the specific opinions and evidence supporting the need for D&O supervision of a company's information assets. Among the report's findings: -- 85% of the 538 companies surveyed in a 2000 Computer Security Institute/FBI computer crime study reported an intrusion or exploit of their corporate data, with 64% suffering a loss; -- Directors and Officers, as in the Y2K scare, are assumed to have sufficient knowledge about hacker attacks today to make information asset protection a matter of fiduciary duty; -- Far-reaching legislation, including Gramm-Leach-Bliley and the Health Information Portability and Accountability Act (HIPAA), require companies to employ strong information security to protect sensitive information, and allow for consumer lawsuits for damages resulting from non-compliance; -- Most contracts that establish strategic alliances, partnerships and joint ventures between companies now contain clauses stipulating security for shared information; -- Juries will soon be tempted to apply established product liability and premises liability standards to cases where losses to information assets are suffered on a party's systems due to a company's failure to maintain adequate data security. "At one time, the most valuable assets of a company were considered to be its buildings, inventories, equipment, vehicles, and so on. Today, non-physical corporate assets are number one--especially a company's vital information," said Frank Huerta, president and CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. of Recourse Technologies. "In the information age, companies must recognize and protect their critical resources, not only for their own sake, but also for the sake of their customers, shareholders, partners, even the general public." "Ask almost any corporate officer or director to provide you with the location of the company's physical assets and describe how they are protected from loss, and they can either tell you or simply point you to a copy of the company's Annual Report," said Daniel Langin, author of the report. "Ask any corporate officer or director to provide you with the location of the company's physical assets and describe how they are protected from loss, however, and it's a different story. Although a company's information assets may seem less "real" than physical assets like buildings, vehicles and inventory, the duty of an officer or director to ensure that these information assets are protected is no less "real" than the duty to protect tangible corporate assets." Intrusion Protection As Effective Deterrent In the increasingly hazardous hacker A person who writes programs in assembly language or in system-level languages, such as C. The term often refers to any programmer, but its true meaning is someone with a strong technical background who is "hacking away" at the bits and bytes. environment faced by organizations today, intrusion protection is fast becoming a leading method for corporate boards to reliably secure information assets. A recent market report, "Gaining Control over Infrastructure: Intrusion Detection See IDS and IPS. and Vulnerability Assessment A Department of Defense, command, or unit-level evaluation (assessment) to determine the vulnerability of a terrorist attack against an installation, unit, exercise, port, ship, residence, facility, or other site. " issued by International Data Corporation (IDC), a leading technology industry research firm, states that corporate purchases of intrusion protection solutions are growing at twice the rate of category-leading vulnerability assessment products. Reasons for such growth, according to the study, include the ability of intrusion detection products to identify intruders, the desire to cover corporate infrastructure with a last-chance safety net, and the growth of anomaly detection An approach to intrusion detection that establishes a baseline model of behavior for users and components in a computer system or network. Deviations from the baseline cause alerts that direct the attention of human operators to the anomalies. See IDS and anomaly. technology, which can flag a potential attack even if an intruder's "signature" cannot be identified. Langin, in his report, describes Recourse Technologies ManHunt man·hunt n. An organized, extensive search for a person, usually a fugitive criminal. manhunt Noun an organized search, usually by police, for a wanted man or fugitive Noun 1. (TM) and ManTrap man·trap n. 1. A trap set to catch trespassers or poachers. 2. Slang A woman considered dangerously seductive and scheming. Noun 1. (R) as powerful and effective software solutions to help companies protect their information assets from harm. ManHunt is the first comprehensive threat management system that protects networks from intrusions and denial of service A condition in which a system can no longer respond to normal requests. See denial of service attack. (DoS, DDoS) attacks. The software analyzes and aggressively responds to both known and novel data network attacks, logging and analyzing attack activities at speeds up to one gigabit per second and detecting intruders through detailed protocol anomaly A deviation from the standard protocol. An intrusion detection system (IDS) may look for protocol anomalies in order to identify attacks without a signature. Protocol anomalies reduce false positives with well-understood protocols, but may cause false positives with poorly understood or analysis. If an attack is detected, ManHunt instantly shares information across networks for examination and response, then quickly responds via a number of pre-determined methods including termination of malicious connections, sending alerts to security administrators, tracking that establishes the precise attack entry point, and launching custom response code. ManTrap is the industry's leading secure deception system. Employing advanced honeypot A server that is configured to detect an intruder by mirroring a real production system. It appears as an ordinary server doing work, but all the data and transactions are phony. Located either in or outside the firewall, the honeypot is used to learn about an intruder's techniques as technology, ManTrap works covertly to trap hackers within a deception host, then tracks their moves in order to contain, monitor, and identify the intruder An attacker that gains, or tries to gain, unauthorized access to a system. See attacker, intrusion and IDS. . With ManTrap, network administrators have the time and information needed to respond appropriately to the attempted security breach, simply by preventing the intruder from coming back again or actually using the data to apprehend the intruder. "Out of the NOC(a) and Into the Boardroom: Director and Officer Responsibility for Information Security" provides full references and other industry information. The copyrighted white paper can be found free of charge at http://www.recourse.com. (a) Network Operations Center See NOC. Network Operations Center - (NOC) A location from which the operation of a network or internet is monitored. Additionally, this center usually serves as a clearinghouse for connectivity problems and efforts to resolve those problems. About Recourse Recourse Technologies(TM) is the leading provider of threat management solutions that contain, control, and respond to both known and novel threats, including intrusions, internal attacks and denial of service (DoS, DDoS) attacks. With Recourse, businesses gain the time and information critical for enabling secure and uninterrupted business operations Business operations are those activities involved in the running of a business for the purpose of producing value for the stakeholders. Compare business processes. The outcome of business operations is the harvesting of value from assets . ManHunt(TM) is the first comprehensive threat management system that goes beyond traditional intrusion detection to provide a scalable and effective solution for detecting, analyzing and responding to attacks. ManTrap(R) is the industry's leading secure deception system (based on honeypot technology) that provides a realistic and flexible way to identify internal and external security threats. To learn more about managing network threats, visit the Web site at www.recourse.com or call 1-877-786-9633. Recourse Technologies, Inc. headquartered in Redwood City, California Redwood City is a suburb located on the San Francisco Peninsula in the San Francisco Bay Area of California. Redwood City is the county seat of San Mateo County. As of the 2005 census, the city had a total population of 76,000. , is privately held and is funded by Canaan Partners, Doll Capital Management (DCM DCM abbr. Distinguished Conduct Medal ), Intel Capital, and Menlo Ventures. Recourse Technologies and ManHunt are trademarks of Recourse Technologies. ManTrap is a registered trademark of Recourse Technologies. All other trademarks belong to their respective owners. |
|
||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion