6.2 Liabilities: Who is at Fault?

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

12 hours 48 minutes
Video Transcription
let's talk about these legal concepts. So when we start talking about legal considerations, we have to discuss liability. We want to ensure that the information our customers or employees or patients have entrusted us with that we protect. We also want to make sure that we protect the assets
that are bored or stakeholders shareholders
I have entrusted to us. So ultimately, what we want to do, we want to do the right thing,
right? So we want to demonstrate, do care and due diligence. Now, don't take these definitions back to law school. But just to remember, due diligence is the research do care
is the action.
So if I'm gonna go out and determine what industry standards are for my business, I'm gonna look at all the laws. I'm gonna make sure that I understand them well educated, due diligence. But if that's all I do, if I stop there, it doesn't really make any difference, right? It's really more important that I act
rather than I know,
right. So do care is the action. The two should go hand in hand. But if you were to see some sort of question like in relation to
culpable negligence, which is more important. Do you care? Due diligence whilst you care. If you care, you will act.
All right then There's also a prudent person rule
and used to be called the Prudent Man Rule. But we are a politically correct, gender neutral society. So it is the prudent person rule now, even though it's his prudent man on the screen and essentially based on a judge's discretion, can we demonstrate
we've acted responsibly in cautiously as a prudent person would do
so These air just elements that will help us avoid liability. You care Due diligence Acting is a prudent person. Three idea with downstream liabilities. And this is something I've said throughout the course is, Even though I can share risk, I cannot share liability or I cannot trends for liability.
So if I, as a health care provider, choose to store my information in the Cloud Cloud Service provider,
I'm still legally responsible for the protection of that data. And even though there's a failure, the Cloud service provider you know I'll get financial compensation based on the service level agreement, most likely, but I'm still liable for the protection of that data so
talk about downstream liabilities. We all know outsourcing doesn't eliminate our liabilities.
Hey, um
and you know, this last bullet point integrated technology with other comes cos you know again is we're outsourcing. Or as my technology is dependent on your organization's technology, this becomes a little bit less clear cut than it's been Traditionally, right?
Liabilities, we wantto avoid them.
Up Next
Certified Cloud Security Professional (CCSP)

This Certified Cloud Security Professional (CCSP) certification course covers topics across six domains, to ensure the candidate has a wide range of competencies and is capable in the assessment and implementation of cloud service solutions.

Instructed By