Masahiro
Newcomer III

A standard of “preponderance of evidence” in civil courts

Question c04.043 of the CCSP Official Practice Tests asks the following.

 

You are the security manager for a retail sales company that uses a software as a service (SaaS) public cloud service. One of your employees uploads sensitive information they were not authorized to put in the cloud. An administrator working for the cloud provider accesses that information and uses it for an illegal purpose, benefiting the administrator and causing harm to your organization.
After you perform all the incident-response activity related to the situation, your organization determines that the price of the damage was US$125,000. Your organization sues the cloud provider, and the jury determines that your organization shares in the blame (liability) for the loss because it was your employee performing an unauthorized action that created the situation.
If the jury determines that 25 percent of the evidence shows that the situation was your organization’s fault and 75 percent of the evidence shows that the situation was the cloud provider’s fault, what is the likely outcome?

 

And it says that the cloud provider owes your organization $125,000 under a standard of “preponderance of evidence”.

 

I think this case is in the US because the unit of money is the US dollar. Is this case common all over the US civil courts?

Though in my country, Japan, it is uncommon I think, how about in your country?

Haneda, Masahiro
Certification: CISSP, CCSP, CCSK, PMP, ITIL Foundation V3
Location: Japan
2 Replies
CraginS
Defender I

Masahiro,

You are correct that the language comes from legal practice in the USA. In USA law there is a distinction between the requirement for a criminal trial jury to convict a person of violating a law and for a civil trial (lawsuit) jury to decide in favor of the plaintiff or the defendant.

To convict a person of a crime the entire jury (every juror) must decide that the decision is "beyond a reasonable doubt." By comparison, in a lawsuit (civil trial) a majority of the jury need only see that a preponderance of the evidence supports the decision.

This specific question gets messier because it also involves contract law. In some civil lawsuits, the dollar amount of a money award may be balanced by the jury seeing a case of contributory negligence, that is, both parties did things to cause the wrong act to happen, but one more than the other. So the amount paid to the winner is reduced by the percentage of contribution the winner made to the wrong act. In this hypothetical question the full amount would presumably be awarded due to the language in the contract.

 

All of the above being said, I am not a lawyer, I just pay attention to stuff. I would ask any forum member who is actually a lawyer to comment on this thread and correct any errors I may have made.

 

I also suspect that the practice question itself was written by a non-lawyer. This sort of question should be reviewed by a true subject matter expert, i.e. a lawyer, before being used. Further, I do not believe it is a reasonable question for a CCSP. The question addresses legal issues, as described above, not cloud security questions.

 

Craig

 

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
Masahiro
Newcomer III

Thank you, @CraginS.

 


So the amount paid to the winner is reduced by the percentage of contribution the winner made to the wrong act. In this hypothetical question the full amount would presumably be awarded due to the language in the contract.

Oh, it depends on the contract. I think the question should clearly tell the premise.

 

I also suspect that the practice question itself was written by a non-lawyer. This sort of question should be reviewed by a true subject matter expert, i.e. a lawyer, before being used. Further, I do not believe it is a reasonable question for a CCSP. The question addresses legal issues, as described above, not cloud security questions.

I agree. Thanks again!

 

Masahiro

 

 

 

 
