Topics
Directions [1-10] : Read the following passage and answer the given questions. Certain words phrases are given in bold to help you locate them while answering some of the questions.
There is a market failure in cyber security. Solutions being suggested or tried include increasing transparency about data losses, helping consumers and firms to make more informed decisions about cyber-security; shedding more light on how internet-service providers (ISPs) tackle malware infections they spot on customers' computers; and using liability laws to force software companies to produce safer code. On transparency, America has led the way. Almost all American states now have data-breach laws that require firms to reveal any loss of sensitive customer information. In Europe telecoms firms have been obliged to notify customers of breaches for some time now and there are plans to extend reporting to a wider range of industries. Breach laws have encouraged insurance companies to offer coverage against potential losses. This is helpful because they are in a position to gather and share information about best practices across a wide range of companies. A cyber-insure advises companies on defensive tactics, and also on how to minimise the damage if something goes wrong. The American government should create a cyber-equivalent of the National Transportation Safety Board, which investigates serious accidents and shares information about them. Such a body could look into all breaches that cost over, $50m and make sure the lessons are shared widely. But insurers are likely to remain wary of taking on broader risks because the costs associated with a serious cyber-incident could be astronomic. Insurers can deal with acts of God, but not acts of Anonymous (hacking groups or acts of state sponsored hacking). This explains why the overall cyber-insurance market is still small. Governments are weighing in, too, not least by supporting private-sector efforts to clean up “botnets”, or networks of compromised computers controlled by hackers. These networks. which are prevalent in countries such as America and China, can be used to launch attacks and spread malware. In Germany an initiative called Bot-Frei, which helps people clean up their infected computers, received government support to get started, though it is now self-financing. The American government has also worked closely with private firms to bring down large botnets. Another strategy involves issuing standards to encourage improved security. America's National Institute of Standards and Technology published a set of voluntary guidelines for Companies in critical infrastruclure sectors such as energy and transport. Britain has also launched a scheme called "cyber-essentials" under which firms can apply for a certificate showing they comply with certain minimum security standards. Applicants undergo an external audit and, if successful, are awarded a badge which they can use on marketing materials. Whether governments are best placed to set minimum standards is debatable, but they have certainly raised awareness of cyber-security as an issue that needs attention.
They could also help to get more information into the public domain. Researchers have argued persuasively that collecting and publishing data about the quantity of spam and other bad traffic handled by ISPs could encourage the worst performers to do more to tackle the problem thus improving overall security. Another debate has revolved around getting software companies to produce code with fewer flaws in it. One idea is to make them liable for “damage caused when, say, hackers exploit a weakness in a software progmm. Most software companies currently insist customers accept end-user licensing agreements that specifically protect firms from legal claims unless local laws prohibit such exclusions. The snag is that imposing blanket liability could have a chilling effect on innovation. Companies that are selling millions of copies of programmes might take fright at the potential exposure and leave the business. Strict liability be applied only to firms which produce software that cannot be patched if a security flaw is found. There is quite a lot of that sort of code around.
There is a market failure in cyber security. Solutions being suggested or tried include increasing transparency about data losses, helping consumers and firms to make more informed decisions about cyber-security; shedding more light on how internet-service providers (ISPs) tackle malware infections they spot on customers' computers; and using liability laws to force software companies to produce safer code. On transparency, America has led the way. Almost all American states now have data-breach laws that require firms to reveal any loss of sensitive customer information. In Europe telecoms firms have been obliged to notify customers of breaches for some time now and there are plans to extend reporting to a wider range of industries. Breach laws have encouraged insurance companies to offer coverage against potential losses. This is helpful because they are in a position to gather and share information about best practices across a wide range of companies. A cyber-insure advises companies on defensive tactics, and also on how to minimise the damage if something goes wrong. The American government should create a cyber-equivalent of the National Transportation Safety Board, which investigates serious accidents and shares information about them. Such a body could look into all breaches that cost over, $50m and make sure the lessons are shared widely. But insurers are likely to remain wary of taking on broader risks because the costs associated with a serious cyber-incident could be astronomic. Insurers can deal with acts of God, but not acts of Anonymous (hacking groups or acts of state sponsored hacking). This explains why the overall cyber-insurance market is still small. Governments are weighing in, too, not least by supporting private-sector efforts to clean up “botnets”, or networks of compromised computers controlled by hackers. These networks. which are prevalent in countries such as America and China, can be used to launch attacks and spread malware. In Germany an initiative called Bot-Frei, which helps people clean up their infected computers, received government support to get started, though it is now self-financing. The American government has also worked closely with private firms to bring down large botnets. Another strategy involves issuing standards to encourage improved security. America's National Institute of Standards and Technology published a set of voluntary guidelines for Companies in critical infrastruclure sectors such as energy and transport. Britain has also launched a scheme called "cyber-essentials" under which firms can apply for a certificate showing they comply with certain minimum security standards. Applicants undergo an external audit and, if successful, are awarded a badge which they can use on marketing materials. Whether governments are best placed to set minimum standards is debatable, but they have certainly raised awareness of cyber-security as an issue that needs attention.
They could also help to get more information into the public domain. Researchers have argued persuasively that collecting and publishing data about the quantity of spam and other bad traffic handled by ISPs could encourage the worst performers to do more to tackle the problem thus improving overall security. Another debate has revolved around getting software companies to produce code with fewer flaws in it. One idea is to make them liable for “damage caused when, say, hackers exploit a weakness in a software progmm. Most software companies currently insist customers accept end-user licensing agreements that specifically protect firms from legal claims unless local laws prohibit such exclusions. The snag is that imposing blanket liability could have a chilling effect on innovation. Companies that are selling millions of copies of programmes might take fright at the potential exposure and leave the business. Strict liability be applied only to firms which produce software that cannot be patched if a security flaw is found. There is quite a lot of that sort of code around.
Which of the following best describes the author's view of liability laws?
|
A) These will act as incentives for computer firms to produce more secure software. |
|
B) These are pointless as they cannot be uniformly or strictly implemented. |
|
C) These will not greatly impact computer firms as the financial profits from software are huge. |
|
D) These are not an appropriate approach to cyber security. |
|
E) None of the given options |
Correct Answer:
| A) These will act as incentives for computer firms to produce more secure software. |
Part of solved IBPS Clerk3 questions and answers : Exams >> Bank Exams >> IBPS Clerk3
Comments
Similar Questions
