BreachExchange mailing list archives
Re: time to name names (was Re: MORE BNY (Mellon Corp) Tapes lost)
From: security curmudgeon <jericho () attrition org>
Date: Fri, 6 Jun 2008 20:06:01 +0000 (UTC)
: Let's say we do look at the commercial carrier, and the carrier offers : insurance against loss and the customer either chooses the insurance or : waives the insurance, most commercial carriers will make insurance : available, offered with disclosure that if a package's worth is more : than insurance will cover the carrier can refuse to carry the package, : based on what the customer has disclosed. Interesting.... Which leads to, what did BNY (or others) claim the backup tapes were worth =) Even if you go with a conservative estimate that one 'identity' is worth less than 20 bucks (recently stated in a paper), that is still a lot of money if the tapes have a million records. I really doubt BNY is declaring the tapes worth that much. So we have a system of couriers, off-site storage and backup providers that seem to be a serious weak point in the data security. Taking this one step farther, what if the tape *is* encrypted using really strong encryption and the tape is lost. Does the company have to warn customers? If not, will that lead to companies claiming strong encryption regardless, knowing that the odds of the unencrypted tape being discovered is very low, then falling back on "error in backup process, it should have been encrypted" claims? _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- MORE BNY (Mellon Corp) Tapes lost Henry Brown (Jun 06)
- Re: MORE BNY (Mellon Corp) Tapes lost TSG (Jun 06)
- time to name names (was Re: MORE BNY (Mellon Corp) Tapes lost) security curmudgeon (Jun 06)
- Re: time to name names (was Re: MORE BNY (Mellon Corp) Tapes lost) Corcoran, Michele (Jun 06)
- Re: time to name names (was Re: MORE BNY (Mellon Corp) Tapes lost) security curmudgeon (Jun 06)
- Re: time to name names (was Re: MORE BNY (Mellon Corp) Tapes lost) Arshad Noor (Jun 06)
- Re: time to name names (was Re: MORE BNY (Mellon Corp) Tapes lost) lyger (Jun 06)
- Re: time to name names (was Re: MORE BNY (Mellon Corp) Tapes lost) Corcoran, Michele (Jun 06)
- Re: time to name names (was Re: MORE BNY (Mellon Corp) Tapeslost) DAIL, WILLARD A (Jun 06)
- Message not available
- Re: time to name names (was Re: MORE BNY (Mellon Corp) Tapeslost) V. (Jun 07)
- Re: time to name names (was Re: MORE BNY (Mellon Corp) Tapeslost) Patricia Herberger (Jun 08)
- Re: time to name names (was Re: MORE BNY (Mellon Corp) Tapeslost) DAIL, WILLARD A (Jun 09)