Not just SOX. HIPAA and GLB will do the same thing. HIPAA will hold an
individual practitioner liable for security failures, if the corp had an
acceptable plan but the implementation either never took place or was done
shoddily. If the plan isn't in place, then the admins are liable -
personally liable.
--On Tuesday, November 22, 2005 12:20:33 -0700 Christopher Carpenter
<[EMAIL PROTECTED]> wrote:
Hi Jason, Paul:
While Jason's point may _currently_ be valid in reference to
programmers, legislation like Sarbanes-Oxley is reiterating individual
accountability for auditors and executives. We may see a trickle-down
effect to lower level management and/or project managers if other
corporations infringe on personal liberties or "pull a Sony."
Chris
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Coombs
Sent: Tuesday, November 22, 2005 12:13 PM
To: Paul Schmehl
Cc: [EMAIL PROTECTED]; [email protected]; [email protected]
Subject: Re: [Full-disclosure] Re: Your One-Stop Site For Sony Lawsuit Info
Paul Schmehl wrote:
So, all those corporate execs walked out of the court house in handcuffs
weren't really going to jail?
There's a huge difference between a financial crime committed by an
individual and a crime committed by a corporation.
Let me know if the distinction confuses you and we'll discuss this more
privately. You are aware that not every action of a person employed by a
corporation is considered an action of the individual, right?
No individual programmer who writes spyware will ever be prosecuted for
doing his or her job on behalf of a corporation. No exec who instructs
said programmer to author said spyware will ever have personal criminal
liability for giving said instruction.
If you don't like the world you live in, change it or get out.
Regards,
Jason Coombs
[EMAIL PROTECTED]
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/