Responsibilities and Liabilities with Respect to Catastrophes

C. Warren Axelrod (U.S. Trust, USA)
DOI: 10.4018/978-1-60566-132-2.ch001


This chapter examines the impact of catastrophes on information security and suggests who might have responsibility for maintaining an appropriate level of data protection when a catastrophe occurs. The author asserts that catastrophe contingency planning is very different from regular forms of business continuity and disaster recovery planning in terms of size, focus, scope, and content. Catastrophe contingency plans (CCPs) must comprehend a broad range of potential events affecting large numbers of humans and other living creatures, information processing capabilities, information and media, buildings, infrastructure, and the like, each with its own security considerations, and each characterized by its own roles, responsibilities and liabilities. The intent of the chapter is to encourage the development of more comprehensive and realistic CCPs, that is, plans that clearly delineate roles and responsibilities, as well as liabilities should CCPs go awry.
Chapter Preview

“… Brownie, you’re doing a heck of a job.”

– President George W. Bush to Federal Emergency Management Agency (FEMA) director Michael D. Brown in Mobile, Alabama, White House Press Release, September 2, 2005

“On September 12 [2005] Brown resigned …”

See letter at



In the wake of Katrina, a Category 5 hurricane that passed east of New Orleans on August 29, 2005, the levees were breached and New Orleans was flooded. There was plenty of blame to go around for the lack of preparation to prevent the breach and for the inadequacy of the rescue and recovery efforts. Local, state and national politicians and other government representatives were roundly criticized for their lack of planning and foresight and their failure to act appropriately and in a timely manner in the face of a mounting disaster and evolving catastrophe. On the one hand, the designers and builders of the levees were attacked for having under-designed these protective structures. On the other hand, those responsible for responding to the event were first praised and subsequently pilloried for the inadequacy of their performance and the great suffering and destruction of property and lives that ensued.

Could this catastrophe have been averted? Or, if the risk of occurrence was considered too low to spend the extra funds on stronger and better designed levees, could the response and recovery process have been better organized and better planned?

Complete protection against such disasters is prohibitively expensive and usually cannot be justified based on the risks. But some level of planning and preparation is expected from our officials and emergency services. Someone has to take on the responsibility for developing and implementing such contingency plans. And, yes, some should take the blame if the plans go awry and if it is apparent that the damage could have been averted.

Often it takes a tragedy to have better preventive and responsive measures put in place. The magnitude of the Indonesian tsunami of December 2004, with deaths estimated at more than 200,000, was unprecedented in modern times and unforeseen. Before the event, monitoring devices were not considered necessary. After it happened, as is generally the case, perception of the likelihood of such a devastating event changed quickly, with pressure to build early warning systems in the Indian Ocean like those that exist in other oceans susceptible to earthquakes. Also, we are now seeing much greater responsiveness in terms of warning coastal dwellers of a possible tsunami.

It is virtually impossible to predict major devastating events, natural or human-induced, in regard to scope, timing or both, as is very well argued in the book The Black Swan (Taleb, 2007). Therefore, it behooves those in power to plan for catastrophes as a whole. They must take responsibility for those plans, and step up to being strongly criticized and severely disciplined if their planning and responses are clearly inadequate and should have been more effective given the state of knowledge and capability prior to the event.

When the avian influenza (or bird flu) pandemic was originally confirmed to have infected human beings in 1997 (CDC, 2007), there were grave concerns that the outbreak would evolve into a human pandemic. Subsequently, there have been some efforts to plan for such a rampant spread of disease in humans, but there remain many who cannot or will not fathom the scope of the required Catastrophe Contingency Plan (CCP). A catastrophe, of the likes of a flu pandemic, would be unprecedented in modern times. The anticipated bird flu outbreak has been compared to the global flu pandemic of 1918. However, the world was not nearly as complex, intertwined and global 90 years ago, nor did it have today’s multitude of interacting processes.

Today, with such reliance on nations’ critical infrastructures and interdependencies within, between and across sectors, both domestically and internationally, the potential impact of a catastrophe, such as a pandemic, is huge.

Key Terms in this Chapter

Information Security: Protection of information assets by ensuring their confidentiality, integrity and availability.

Risk: A measure of the expected loss of an event. The product of the magnitude of a loss and the probability of its occurrence.

Catastrophe: A more far-reaching and devastating incident than a regular disaster. Cuts across many public and private sectors and infrastructures.

Liability: Personal risk of being blamed for an incident and potentially being subject to adverse consequences.

Contingency Catastrophe Plan (CCP): A specialized plan to minimize loss of human life and damage to resources and infrastructures and to facilitate recovery in the event of a catastrophic event.

Incident Management: Policy and procedures relating to the response to and recovery from an incident.

Privacy: A person’s right to control his or her personal information.

Disaster Recovery Plan: Generally a plan for enabling an organization to move to alternate system, network, and operational facilities in the event of an incident making the primary facilities unusable.

Contingency Planning: A combination of business continuity and disaster recovery planning.

Business Continuity Plan: A plan for ensuring that businesses will be able to recover from the effects of a destructive incident and continue to operate at an acceptable level.
