BreachExchange mailing list archives
Identity Theft protection changes needed
From: Al Mac <macwheel99 () sigecom net>
Date: Tue, 11 Jul 2006 00:07:18 -0500
In security breach news we are seeing the same scenario played out again and again, with different enterprises doing the same stuff that leads to disaster. How come no one seems to be learning by example to avoid being the next story in the news? I have my theories on this, but in this article, IDG News Services asked leaders of three security businesses to give their theories on this. * People do what is easy and convenient and don't give much thought to the consequences. * Many people do not get insurance until something happens to a neighbor, or they see problem in news, and realize they need insurance against that * Security is a balance between other management priorities, in which several are more important than security * There has been a conceptual shift in recent years. It used to be that companies trusted employees, gave them reasons for that trust, but now job security is threatened by off-shoring, unions have been busted, and Sarbanes Oxley is re-establishing separation of duties ** but none of that is why we have all these new laws saying no one can be trusted ... here's why http://wallstreetfollies.com/ scroll to the bottom and blow it up http://wallstreetfollies.com/diagrams.htm * there's a lot of traffic that goes over the Internet in the clear * you can't tell from a web ad if there is something malicious going on My theories have to do with the notion that security breaches have been occurring since the dawn of computer history, and we are now only hearing about those associated with geographies where there is a legal obligation to report them. Let's suppose you work in a company that has existed for 100 years, had computers for 50 years, have had 20 security breaches and survived them all. The fact that your company is now obligated to publicize breaches means that it does not dawn on anyone what the PR consequences of that are until after the first publicized breach. There are laws that are not enforced. We can go to any electronics store and buy the where with all to tap into cell phone and other radio traffic. Totally illegal, but have you ever heard of anyone being arrested for it?. Do you know what a police scanner is? People who like to listen to police radio calls for their entertainment. You can also listen to taxi service and other outfits. Some parts of the electromagnetic spectrum are reserved for special kinds of traffic, like pagers. I hear tell there's all kinds of interesting stuff for snoops. Companies with wireless not locked down. Several breaches have involved someone with laptop in their parking lot. People get some kind of communication service and assume there is zero risk of it being tapped, hacked, or what have you. http://computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=cybercrime_hacking&articleId=9001672&taxonomyId=82 - Al Mac AKA Alister Wm. Macintyre _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/errata/dataloss/
Current thread:
- Identity Theft protection changes needed Al Mac (Jul 11)
- Re: Identity Theft protection changes needed George Toft (Jul 11)