Australian Legal Ramifications of Information System and Data Security Compromise: A review of issues, technology and law.

Quentin Cregan (2009). Australian Legal Ramifications of Information System and Data Security Compromise: A review of issues, technology and law. MPhil Thesis, T.C. Beirne School of Law, The University of Queensland.

Attached Files (Some files may be inaccessible until you login with your UQ eSpace credentials)
Name Description MIMEType Size Downloads
s33588186_MPhil_abstract.pdf Final Thesis Lodgment: Abstract application/pdf 12.97KB 3
s33588186_MPhil_totalthesis.pdf Final Thesis Lodgment application/pdf 1.31MB 19
Author Quentin Cregan
Thesis Title Australian Legal Ramifications of Information System and Data Security Compromise: A review of issues, technology and law.
School, Centre or Institute T.C. Beirne School of Law
Institution The University of Queensland
Publication date 2009-10
Thesis type MPhil Thesis
Supervisor Dr. Alan Davidson
Assoc. Prof. Nick James
Total pages 212
Total black and white pages 212
Subjects 18 Law and Legal Studies
Abstract/Summary Computer intrusions and attacks compromise individuals, companies and communities. Whilst it is clear that computer and information security studies point to a generalised increase in the number and sophistication of computer security attacks over the past decade and that nations now entirely rely upon computer systems, insufficient attention is paid to the protection of those systems. Computer data and network systems affect our everyday lives, from the supply-chain software that ensures that the shelves are stocked at the supermarket, to systems that manage finance and share markets. Compromises of computer security are, therefore, rightly seen both as an attack on those individual entities whose systems and information are compromised, and as a communal attack upon the people and organisations that rely upon or use computer systems, both directly and indirectly. The aim of this thesis is to give an analysis of computer system security, information protections and the legal ramifications of computer security compromise, notably, data security compromise in Australia. Ultimately, the aim is to address three overlapping questions: what are the ways in which systems are breached, what are the legal consequences of a breach and are those consequences adequate? This paper looks at the underlying technology and relationships between actors involved in the majority of security compromises and looks at the common factors in how systems and networks are attacked and actors damaged. The paper then goes on to look at criminal liability for security compromises and shows how a criminal analysis feeds into the proper civil law consideration of the topic. Finally, the paper looks at data security through the lens of privacy. Ultimately, this paper concludes that Australia is inconsistent in its legal responses to information security incidents. Such variations are based on the area of law being discussed and dependent on the breach methodology and outcome. The criminal law provides the most current and potent legal protection any business or individual has had in this field. This is followed by statutory privacy law which provides a narrow degree of coverage and provides only a weak conciliation process for addressing data security issues. Finally, common law and equity provide the most uncertain commercial remedies for those that suffer data security breach. This paper concludes that present protections are inadequate and uncertain, and that change is required.
Keyword information security, data liability, cybercrime, negligence, ddos, data protection, privacy

Citation counts: Google Scholar Search Google Scholar
Created: Tue, 13 Apr 2010, 05:03:05 EST by Mr Quentin Cregan on behalf of Library - Information Access Service