Security Basics mailing list archives
Re: A reminder that security is not inherently solvable with technology
From: Paul O'Malley <ompaul () eircom net>
Date: Fri, 24 Oct 2003 08:28:08 +0100
On Thu, 2003-10-23 at 18:14, Kamal Habayeb wrote:
JGrimshaw () ASAP com wrote:

http://www.sfgate.com/cgi-bin/article.cgi?file=/c/a/2003/10/22/MNGCO2FN8G1.DTL

This article was posted on Slashdot today... Does anyone else see the potential abuse of offshoring jobs that may contain sensitive customer information? As this idea spreads, it could become the "hostage taking" of the new millennium. No longer would one need to kidnap a person in South America and hold them for ransom; it's much easier to obtain a job that gives access to sensitive information and then threaten to publicize the information if not paid. We need to take steps to keep our jobs and our information secure.

This has been documented since security began. The argument may not have been so obvious in its phrasing but it is this:

Given the concept of a system of least privilege, was it appropriate to outsource the data processing needs of the organisation in pursuit of lower costs (read shareholder value) and risk the whole organisation on a single or multiple acts of hostage taking?

You do not have data protection when a case such as this occurs.

What would be very interesting to know is does the company to whom the Joe Citizen entrusted their personal data have a DRP (Disaster recovery plan) for this case? I suppose they don't see it as their issue but one for their contractor who sees it for their contractor etc.

In a case such as this one can sue anyone one wishes to; however, if customers feel aggrieved they will leave in their thousands and the company in question may not have need for its existing employees or board of directors.

I wonder if it was documented in the risk assessment and management part of the consideration to outsource.

Best regards,
Paul O'Malley