Re: [follow-up] Boeing fires employee whose laptop was stolen

[blitz <blitz () strikenet kicks-ass net>]

> A moot point to the corporate mindset, the question they should need 
> to be asking themselves, is "Can I afford 5 years in prison and a 
> $100,000 fine" for NOT using best of breed technology to secure PII 
> data. Can I PROVE due dilligance in a court of law?
> Corporate clones only care about the bottom line, the effects of 
> their misdeeds or incompetence is imaterial without teeth. They 
> don't give a rat's rectum about the effects on anyone but 
> themselves. Bad PR blows over. Thus we have to make the possibility 
> of them getting VERY screwed over VERY real, or few will take it 
> seriously. The lack of what happened to the "fired employee's" BOSS 
> is the salient point here, they found a sacrificial lamb, oh 
> well....the corporate policy on security etc. is what merits public 
> scrutny. THAT's managerial and missing from the story. When we find 
> mid-level managers going to a jail cell, then the problem MIGHT be 
> taken seriously.


> Follow-up questions could focus on determining if the company is even
> aware of the costs to the consumer who is a victim of identity theft. I
> personally have found my best success at penetrating the corporate
> bureaucratic mindset is when I can make the employee think of himself as
> the victim of the theft.
>
> It's really important to try to understand the motivations of the entire
> team, and what their goals are.  Understanding  what the employees are
> trying do is important, but understanding why they are trying do it sure
> makes security a lot easier to design & implement.
>
> Andy Dail
> Sunoco PCI Project Manager
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 143 million compromised records in 512 incidents over 6 years.