Skip to main content
Book ChapterOPEN ACCESS

Liability and computer security: Nine principles

  • Anderson R
DOI: 10.1007/3-540-58618-0_67
N/ACitations
Citations of this article
63Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

The conventional wisdom is that security priorities should be set by risk analysis. However, reality is subtly different: many computer security systems are at least as much about shedding liability as about minimising risk. Banks use computer security mechanisms to transfer liability to their customers; companies use them to transfer liability to their insurers, or (via the public prosecutor) to the taxpayer; and they are also used to shift the blame to other departments (“we did everything that GCHQ/the internal auditors told us to”). We derive nine principles which might help designers avoid the most common pitfalls.

Cite

CITATION STYLE

APA

Anderson, R. J. (1994). Liability and computer security: Nine principles (pp. 231–245). https://doi.org/10.1007/3-540-58618-0_67

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free