BreachExchange mailing list archives
Re: Feds seek to nab credit card thieves in La., Miss.
From: George Toft <george () georgetoft com>
Date: Tue, 19 Aug 2008 21:15:52 -0700
Fat chance on the legislation. I had the opportunity to talk to a lobbyist for a major insurance company about our state data protection law and she gave me critical insight as to WHY our well-written bill got defanged and neutered. This Ins Co told the state legislation that they would have to stop operating in the state should the bill pass as written - it was modeled after California's law). This Ins Co is one of the state's largest employers. The economic damage caused by their departure would be devastating, so the bill conveniently died in committee. It's all about the Benjamins - one way or another. George On Mon, 2008-08-18 at 20:52 -0700, Arshad Noor wrote:
Hear, hear! I, overwhelmingly, agree with macwheel99. When people start taking personal responsibility for the proper execution of their jobs and business mandates, we can then expect to see a reduction of such breaches. However, based on the number of data-loss reports I get on this forum weekly, I am not optimistic that there are sufficient people who take this responsibility seriously. Therefore, the only way for companies to take our personal data seriously is through legislation that has serious consequences for failure to protect that data. Arshad Noor StrongAuth, Inc. macwheel99 () wowway com wrote:A company can buy some computer system and not install, or manage, it properly. I am more interested in whether they had any PCI audits or other security audits, and what if anything the audits had to say about their state of security preparedness. Here's what went wrong at TJX Max (click on preview to see document filed by 5/3 bank auditor AFTER the mess.) http://www.box.net/shared/ieae3qfqj9 This is quite an eye-opener ... they had perfectly good computer systems, but at some level of company leadership, there was no conception of their security responsibilities, what it meant to be PCI compliant. There were TWELVE cyber security standards applicable to TJX. They had met THREE of them. Buying and installing computer systems is not enough. There has to be informed management of that systems have been properly implemented, are doing the job they are intended to do, and continue to do so, after any upgrades to related systems. When that does not happen, we cannot blame the computer vendors. That's like blaming an auto manufacturer because a drunk is driving around, on a flat tire, with broken lights._______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
_______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- Feds seek to nab credit card thieves in La., Miss. lyger (Aug 18)
- Re: Feds seek to nab credit card thieves in La., Miss. TS Glassey (Aug 18)
- Re: Feds seek to nab credit card thieves in La., Miss. macwheel99 (Aug 18)
- Re: Feds seek to nab credit card thieves in La., Miss. Arshad Noor (Aug 18)
- Re: Feds seek to nab credit card thieves in La., Miss. George Toft (Aug 20)
- Re: Feds seek to nab credit card thieves in La., Miss. macwheel99 (Aug 18)
- Re: Feds seek to nab credit card thieves in La., Miss. TS Glassey (Aug 18)
- <Possible follow-ups>
- Re: Feds seek to nab credit card thieves in La., Miss. Paul Ferguson (Aug 18)
- Re: Feds seek to nab credit card thieves in La., Miss. Jon Turner (Aug 19)