[EMAIL PROTECTED] wrote:
>
> Unless the law requires all Internet connections to have
> firewalls/virus detection/intrusion detection/strong authentication/ect. it
> is perfectly legitimate for a small business to not have a secure network
> that they do not need nor can they afford to pay for as long as they don't
> have confidential material like personal information on customers on those
> systems.
By that argument wouldn't it be legitimate for an airline not to provide
proper airplane maintenance because its complex and expensive?
Or a radio station not to properly monitor their out of frequency emissions,
power output, and distortion because its expensive and complicated?
Or a factory not to monitor their pollution emissions?
How much responsibility does a factory have to secure hazardous material,
a common carrier to secure access to their vehicles, a radio station
to safeguard its use of the airwaves?
What about the "attractive nuisance" argument? If I habitually leave my
keys in my car next to a playground and a kid climbs in, drives off,
and hurts someone, am I responsible?
--
Gary Flynn
Security Engineer - Technical Services
James Madison University
Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/info-security/engineering/runsafe.shtml
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
