Tags: Solve A Simpler Problem Math StrategyLong Term Business PlanEssay TerrorismHomeworks For StudentsPlan Of Development EssayDissertation In AccountingEasy Compare Contrast EssayIntroduction Of Business Plan
We know how to build much more secure access control systems. To be sure, there are still technological problems, and research continues.But in the real world, network security is a business problem.This same kind of economic reasoning explains why software vendors spend so little effort securing their own products.
If we expect CEOs to spend significant resources on their own network security -- especially the security of their customers -- they must be liable for mishandling their customers' data.
Basically, we have to tweak the risk equation so the CEO cares about actually fixing the problem.
This way of thinking about security explains some otherwise puzzling security realities.
For example, historically most organizations haven't spent a lot of money on network security. Because the costs have been significant: time, expense, reduced functionality, frustrated end-users.
There's the company who sold the software with the vulnerability in the first place. There's the attacker himself, who used the tool to break into a network.
There's the owner of the network, who was entrusted with defending that network.
And putting pressure on his balance sheet is the best way to do that. Legislatures could impose liability on the computer industry by forcing software manufacturers to live with the same product liability laws that affect other industries. judge forced the Department of Interior to take its network offline, because it couldn't guarantee the safety of American Indian data it was entrusted with.
If software manufacturers produced a defective product, they would be liable for damages. Several cases have resulted in penalties against companies that used customer data in violation of their privacy promises, or collected that data using misrepresentation or fraud.
One hundred percent of the liability shouldn't fall on the shoulders of the software vendor, just as one hundred percent shouldn't fall on the attacker or the network owner.
But today one hundred percent of the cost falls on the network owner, and that just has to stop. Currently, there is no reason for a software company not to offer more features, more complexity, more versions.