Sunday, June 14, 2009

An Emerging Information Security Minimum Standard of Due Care

This Guide is a revised version of a paper that first appeared in 2005 in Information Security Management Handbook, Fifth Edition, Volume 2.

The paper examines the emerging body of law surrounding an enterprise’s responsibility for securing information, together with the emerging body of information security management principles and practices for doing so. It identifies seven key information security management elements which we believe constitute an information security minimum standard of due care. Enterprises failing to implement these seven management elements could face significant legal exposure should they suffer a security breach resulting in damage to a third party.

The paper explores how appellate rulings in several negligence cases apply to information security on the questions of Duty of Care and Breach of Duty: Kline v. 1500 Massachusetts Avenue Apartment Corp, United States v. Carroll Towing Co, Texas & P.R v Behymer, T. J. Hooper v. Northern Barge and People Express Airlines v. Consolidated Rail Corp.

http://www.citadel-information.com/

Wednesday, June 10, 2009

Information Security Standard of Due Care

A very short overview of emerging information security laws, regulations and practitioner standards. http://www.citadel-information.com.

Sunday, June 7, 2009

Saturday, June 6, 2009

Citadel Guide: Effectively Managing Information Security Risk

A guide for senior executives responsible for designing and implementing a cost-effective program to secure critical information assets.

http://www.citadel-information.com/