Sciweavers

ESORICS
1994
Springer

Liability and Computer Security: Nine Principles

14 years 4 months ago
Liability and Computer Security: Nine Principles
The conventional wisdom is that security priorities should be set by risk analysis. However, reality is subtly different: many computer security systems are at least as much about shedding liability as about minimising risk. Banks use computer security mechanisms to transfer liability to their customers; companies use them to transfer liability to their insurers, or (via the public prosecutor) to the taxpayer; and they are also used to shift the blame to other departments ("we did everything that GCHQ/the internal auditors told us to"). We derive nine principles which might help designers avoid the most common pitfalls.
Ross J. Anderson
Added 09 Aug 2010
Updated 09 Aug 2010
Type Conference
Year 1994
Where ESORICS
Authors Ross J. Anderson
Comments (0)