rslade
Influencer II

Men guilty of allergy death

Some friends ordered takeaway food from a restaurant, noting an allergy to prawns and nuts.

 

A 15-year-old girl died after eating the meal.

 

Testing found the extensive presence of peanut protein in the food.

 

The owner of the restaurant and the delivery driver have been convicted of manslaughter.

 

So, what does this have to do with information security?  Well, it has to do with negligence.  We've been pretty cavalier about responsibility for the safety and security of our information systems.  "No, that's the responsibility of the developer."  "No, that's the responsibility of the user."  "No, that's hardware."

 

It's time to start thinking hard about liability and responsibility.  Before some court does it for us ...


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
1 Reply
Caute_cautim
Community Champion

I agree, this is indeed an important issue to resolve and bring to the fore. The implications and rush to bring new ideas and new related technology to the market, rushing and pushing it out - with little concern for the implications - is great for those Agile-minded developers, with their Kanbans and standups - but they have very little regard for the implications of their decisions, i.e. privacy by design and secure by design.

 

Just get it out to the market, and selling with regard from a liability and responsibility perspective.

 

Look at the legacy IoT issues we now face, the issues around privacy, and even this week Nissan admitted that they had left the recording function on their internal entertainment system on for three months, collecting all sorts of information, before they decided to turn it off. So what happened to the data collected? I bet it was analysed thoroughly, but no mention of whether the individual owners were informed, or that the data was totally erased and eliminated.

 

More of this is going to happen regularly, and we need to take some responsibility going forward.

 

Regards

 

Caute_cautim