|
The SMSI consultation team members are continually being retained as security experts in cases questioning the reasonableness of a wide range of security operations. These cases usually assert some form of negligence. Philosophically, SMSI would prefer to avert this category of litigation. However, our participation in these cases keeps us on our toes and enables us to transfer lessons learned to our clients.
In subsequent issues, we will try to pass on the lessons learned from cases in which we have participated. We will not make specific reference to the case through provision of the case caption. We will provide information regarding the security shortfalls that encouraged the case to be filed as well as relate various strengths that made the case more defensible.
There is one truism of litigation: "When you get sued, you loose."
Whether you are right or wrong, lawsuits are always costly, especially when they are covered by the media. Prevention is the best strategy.
The two most common factors that, in some way, come up in every security lawsuit are documentation and training. Inadequate documentation will often exacerbate your ability to have a successful defense. Additionally, if you are sued, prepare to have all security training programs put under a magnifying glass. Remember, when a security incident occurs, the clock stops. Your entire security operation will be examined from that point backwards. |
