Computer "Insecurity" and Viral Attacks : Liability Issues Regarding Unsafe Computer Systems Under Quebec Law

Un résumé en français est également disponible.[À l'origine dans / Was originally part of : CRDP - Droit et technologies d'information et de communication]In a context where computer viruses present a serious risk to networks around the globe, there is a need to create liability for companies who do not maintain adequate security. Quebec courts have yet to be presented with a case involving computer virus liability. This article attempts to draw a general outlook of viral liability in relation to general liability principles under Quebec law. The author proposes ways of interpreting the traditional three-pronged test composed of fault, damage and causal link, stressing on the standard of care imposed on a system administrator. Regarding this key player, some general provisions can go a long way in limiting its liability. In addition, manufacturers and distributors may also share liability in proportion to the seriousness of their fault. Businesses have a legal duty to ensure that their systems are secure to protect the interests of their customers as well as third parties

Digital Piracy: Neutralising Piracy on the Digital Waves

Rates of digital piracy, defined by Gopal, et al. (2004: 3) as ‘the illegal act of copying digital goods for any reason other than backup, without permission from or compensation to the copyright holder’, appear to be rising despite increasingly stringent methods employed by both legislators and the industries affected to curtail it. The harm it causes the industries is also increasing; affecting everyone from producers to consumers. This study explores the aetiology of digital piracy; specifically whether students in the United Kingdom neutralise the guilt for their actions through the use of Sykes and Matza’s (1957) techniques of neutralisation. Through the data collected from an online survey (n=114) this study finds that students typically neutralise their guilt when committing piracy through an ‘appeal to higher loyalties’ and a belief that ‘everyone else does it’. The use of these specific techniques implies that piracy has become a social norm for students at university who do not see it as morally wrong. The study concludes by suggesting the policy implications of these findings and potential avenues for further research

The Relationship Between Situational Crime Prevention Theory and Campus Employee Computer Misuse

Computer misuse is a leading problem for all industry sectors, including higher education. However, much of the current research related to computer misuse has been conducted in the business sector, leaving higher education a relatively unstudied group. Many theories have been addressed in computer security literature, but only one theory offers a more holistic solution to combating computer misuse, Situational Crime Prevention Theory. Situational Crime Prevention Theory encompasses four categories of countermeasures: countermeasures that Increase the Perceived Effort of the offender, countermeasures that Increase the Perceived Risk of the offender, countermeasures that Reduce the Anticipated Rewards of the offender, and countermeasures that Remove the Excuses to offend. This study endeavored to investigate whether a relationship exists between the categories of ountermeasures found in Situational Crime Prevention and the actual number of computer misuse incidents reported by CIO\u27s of public, four-year colleges and universities. Using a web-accessible, anonymous questionnaire, CIO\u27s of 442 public, four-year colleges and universities were asked to provide information related to the countermeasures that they have in place at their institutions and the number of insider computer misuse incidents their institutions experienced in the year 2009. The data were analyzed with PLS-Graph software to include composite reliability, t statistic and critical value analysis, and R-square analysis. Results showed a significant relationship between two out of four categories of countermeasures and the actual number of computer misuse incidents. These results would be particularly useful to administrators in higher education who are responsible for designing a technology security plan that is focused and cost-effective

La responsabilité civile des intermédiaires ayant participé à la transmission de virus informatiques sur Internet

Mémoire numérisé par la Direction des bibliothèques de l'Université de Montréal

Cyber security information sharing in the United States : an empirical study including risk management and control implications, 2000-2003

A tremendous amount of change in traditional business paradigms has occurred over the past decade through the development of Electronic Commerce and ad\ ancements in the field of Information Technology. As lesser-developed countries progress and become more prosperous. traditional . first world' countries have migrated to become strong service oriented economies (Asch, 200 I). Supporting technologies have developed over the past decade which has exploited the benefits of the Internet and other infonnation technologies. While Electronic Commerce continues to grow there is a corresponding impact on computer software and individual privacy (Ghosh and Swaminatha, 200 I). Recently. the U.S. National Institute of Standards and Technology (NIST) found that software bugs cost the U.S. economy approximately $59.5 billion, or .600/0 of the annual Gross Domestic Product (U.S. Department of Commerce, 2003). In addition, we have witnessed a rise in the strength and impact of Denial of Service and other types of computer attacks such as: viruses. trojans. exploit scripts and probes/scans. Popular industry surveys such as the annual Federal Bureau of Investigation/Computer Security Institute (Gordon. Et. AI.. 2006) confirm the growing threats in the Information Assurance field. In addition to these concerns our increased reliance on the Internet enabled systems (loudon and loudon. 2000). E-Commerce systems and Information Technologies an integrated suite of risks which must be managed effectively across the public and private sectors (Backhouse. Et. AI. 2005. Ghosh and Swamintha. 200 I. Parker. 200 I. Graf. 1995. Greenberg and Goldman, 1995). Previous research (Rumizen, 1998. Haver, 1998, Roulier, 1998) examined InterOrganisational, Web Infonnation Systems and Government Information Systems in order to assess how companies and other organisations can effectively design these information systems such that maximum benefits can be achieved for all participating organisations. Furthermore, Davenport, Harris and Delong (2001) and Davenport (1999) explained that collaboration is central to the results of a knowledge management system in which open, nonpolitical, non-competitive entities are involved in environments to achieve optimal individual and collective results. Before this memorable event. some related programmatic initiatives were already in-process at that time. The United States government built upon its active leadership in the areas of computer security and information assurance when it launched a number of important efforts to manage information security threats. This was clearly evident when President Clinton made the U.S. National Infrastructure (Nil) a major national priority in the 1 990s. One critical development occurred in 1998 when the National Infrastructure Protection Centre was established to be the central point for gathering, analysing and disseminating critical cyber security information and built upon the previous success of the national Computer Emergency Response Team (CERT). Earlier research (Rich. 2001, Soo Hoo, 2000. Howard. 1997 and Landwher, 1994) addressed various aspects of information security information and incident reporting. Also. Vatis 0001) addressed some research considerations in this area while investigating foreign network centric and traditional warfare events primarily through Denial of Service and Web Site Defacement attacks. However. areas for new exploration existed especially as they related to U.S. critical infrastructure protection (Karestand. 2003. Vatis. 200 I. U.S. General Accounting Office. 2000. Alexander and Swetham. 19(9). Finally. Information and Network Centric Warfare (Arens and Rosenbloom. 2003. Davies. 2000. Denning and Baugh. 2000. and Schwartau. 1997) are increasing national security issues in the \\' ar on Terrorism and Homeland Security in general