Re: Heartland Gets Religion on Security

[security curmudgeon <jericho () attrition org>]

: I agree. Over at DataLossDB, I inquired about adding a column for the 
: firm(s) performing the audit in an attempt to [possibly] correlate 
: breaches with firms. Unfortunately, DataLossDB did not feel they had the 
: resources to accommodate. I can't help but feel there is an Enron/Arthur 
: Anderson relationship among some of these folks.

That is not exactly what we said =)

We said that for less than 1% of incidents we know the auditor. For the 
few that have come to light, I have been adding them as a comment to the 
entry. 

We can add a column fairly easily, but it will end up being almost 
completely empty. Such columns generate more questions and complaints than 
it's worth sometimes.

If anyone can demonstrate that the auditor's name is easy to obtain or 
will help us with the research, it may speed up the decision to add it.

Brian
DatalossDB.org

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most 
concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain 
a laser like insight into what is covered on the exam, with zero fluff! 

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------