Re: WSJ Article - A Contrarian View on Data Breaches

["Hudson, Edward" <ehudson () CALSTATE EDU>]

Being a bit contrary myself of the sake of discussion.. But what makes it
a situational ethics issue? Or ethics issue at all?

When sociologist Raymond Baumhard asked "What does Ethics mean to you?" He
got a myriad of responses along societal,legal and religious lines.
Societally speaking most people accept standards that are "ethical" but I
would argue that societally we seem to have come to expect a certain
amount of this kind of breach related organizational behavior.  Ethics
isn't the same as following the law. We have had laws that weren't
necessarily ethical (slavery, etc) My point isn't to poke at Harry at all,
but to offer that these are business decisions being made by businesses
and we should expect no less until (and if) consumers and the law make it
more painful when there is a breach.  Information security is about
managing risk and the risk tolerance of organizations is widely divergent.
A recent article on LinkedIn regarding the plight of todays CISO's
recommended that we all go into a new job stating "there is going to be a
breach" and if an organization isn't accepting of that one should in the
words of Vigo Mortenson as Master Chief John Urgayle: "Seek employment
elsewhere"



Ed Hudson, CISM
Director, Information Security

401 Golden Shore
Long Beach, CA 90802
Tel 562-951-8431
ehudson () calstate edu






On 8/5/14 9:25 AM, "Harry Zahlis" <harry.zahlis () FRESNOCITYCOLLEGE EDU>
wrote:

> Situational ethics at its best...
>
> Harry Zahlis
> Network Coordinator
>
>
> Fresno City College
> 1101 E. University Ave.
> Fresno, CA 93741
> Help Desk: 559-443-8670
> Phone: 559-442-8206
> www.fresnocitycollege.edu
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of McClenon, Brady
> Sent: Tuesday, August 05, 2014 9:00 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] WSJ Article - A Contrarian View on Data Breaches
>
> http://www.marketwatch.com/investing/Stock/TGT/financials/income/quarter
>
> Sales seemed to dive in Q1 for Target, but that's post-Christmas.  You
> would expect a drop in sales.  Wal-Mart follows the same pattern, albeit
> not as sharp, but Target had better Q4-2013 growth (which included 42
> days after breach disclosure).
>
> Also, the day of the breach disclosure target stock sat around $61.  It
> fell to a low of $54 and is already back to $59 less than 8 months later.
>
> I think the jury is still out on reputation impacts of the breach...
>
>
> Brady McClenon
> Information Technology Security Administrator Information Technology
> Services SUNY College at Oneonta
> 607-436-3203
>
> "Quotes found on the internet are not always accurate."  - Abraham Lincoln
>
>
>
>
>
>
>
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Julian Y Koh
> Sent: Tuesday, August 05, 2014 10:16 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] WSJ Article - A Contrarian View on Data Breaches
>
> On Tue Aug 05 2014 09:00:19 CDT, Harry Hoffman
> <hhoffman () IP-SOLUTIONS NET> wrote:
> > As far as I know Target suffered no loss of sales as a result of the
> > breach so how exactly are we measuring impact?
>
> <http://www.forbes.com/sites/maggiemcgrath/2014/02/26/target-profit-falls-
> 46-on-credit-card-breach-and-says-the-hits-could-keep-on-coming/>
>
>
> --
> Julian Y. Koh
> Acting Associate Director, Telecommunications and Network Services
> Northwestern University Information Technology (NUIT)
>
> 2001 Sheridan Road #G-166
> Evanston, IL 60208
> 847-467-5780
> NUIT Web Site: <http://www.it.northwestern.edu/> PGP Public
> Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html>