Will legal consequences improve security? – If you have not implemented critical security controls, your negligence could soon have legal consequences.

At least if your company is in California, a state that has lately been at the forefront of implementing and enforcing new laws, rules or regulations on IT security and data privacy. And they seem to continue to be up and at them…

The linked article quotes a report by the Californian attorney general, who comes to the conclusion that failure to implement the 20 critical security controls recommended by SANS might constitute a lack of “reasonable security”. Though this does not impose any legal consequences just yet, that might change in the future, when judges and courts make legal decisions.

I am wondering, though, whether harsh legal consequences will improve security.

Speeding is fined heavily in most countries, yet you still see people speeding recklessly if they can get away with it…

