BreachExchange mailing list archives
Re: CEOs deserve jail for data breaches
From: "Ghercoias, Catalin" <CGhercoias () TWEC COM>
Date: Wed, 09 Apr 2008 09:14:11 -0400
I agree with the idea. After all these breaches maybe not necessarily the CXX-level executives (maybe the CFO) should be marched to jail but the Directors of the IT who have been told by their Managers of Infrastructure or Managers of Store Services that there is a potential for a breach and "this is what needs to be done/purchased..." but the Director of IT either ignored them or said "this is not critical, it can wait". How many of you Security Engineers, System Administrators, Network Administrators, etc. have discovered big problems (or potential big) in your networks and you notified your Director of IT only to be given one of the answers "this is not critical, we do not have budget for this, it can wait until next year,... or you_fill_in_the_answer_here" or the worse answer I've heard -- "this is a risk that the business is willing to assume" ?? Especially when you told them that egress traffic should be blocked at the firewall level for ... all stores, let's say. -- C.
From: Rich Kulawiec <rsk () gsp org> Date: Wed, 9 Apr 2008 08:52:00 -0400 To: <dataloss () attrition org> Subject: Re: [Dataloss] CEOs deserve jail for data breaches This is an excellent idea. As I wrote the other on another mailing list, the single best thing that could happen for security would be live video of every Cxx-level executive at TJX being marched into Leavenworth -- AFTER being stripped of all personal assets. ---Rsk _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
_______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- CEOs deserve jail for data breaches security curmudgeon (Apr 09)
- Re: CEOs deserve jail for data breaches Jeff (Apr 09)
- Re: CEOs deserve jail for data breaches James Ritchie, CISA, QSA (Apr 09)
- Re: CEOs deserve jail for data breaches Allen (Jun 30)
- Re: CEOs deserve jail for data breaches Rich Kulawiec (Apr 09)
- Re: CEOs deserve jail for data breaches Ghercoias, Catalin (Apr 09)
- Re: CEOs deserve jail for data breaches Allan Friedman (Apr 09)
- Re: CEOs deserve jail for data breaches [LONG] Rich Kulawiec (Apr 09)
- Re: CEOs deserve jail for data breaches Ghercoias, Catalin (Apr 09)
- Re: CEOs deserve jail for data breaches Jeff (Apr 09)
- Re: CEOs deserve jail for data breaches Casey, Troy # Atlanta (Apr 09)
- Re: CEOs deserve jail for data breaches Eric Nelson (Apr 09)
- Re: CEOs deserve jail for data breaches James Childers (Apr 09)
- Re: CEOs deserve jail for data breaches Eric Nelson (Apr 09)
- Re: CEOs deserve jail for data breaches Mike Simon (Apr 09)
- Re: CEOs deserve jail for data breaches Adam Shostack (Apr 09)
- Re: CEOs deserve jail for data breaches Max Hozven (Apr 09)
- Re: CEOs deserve jail for data breaches Stefan Wahe (Apr 09)
- Re: CEOs deserve jail for data breaches Rich Kulawiec (Apr 09)
- Re: CEOs deserve jail for data breaches Adam Shostack (Apr 09)