Firewall Wizards mailing list archives
Re: Re: Flawed Surveys [was: VPN endpoints]
From: Adam Shostack <adam () homeport org>
Date: Fri, 3 Sep 2004 15:00:37 -0400
On Fri, Sep 03, 2004 at 01:50:13PM -0400, MHawkins () TULLIB COM wrote:
| > Mike - In CA all public companies must disclose any security breaches.
|
| This is not true. Security breaches WHERE CUSTOMER INFORMATION was
| compromised must be reported.
|
| My point is that, for an accurate picture of costs and risks to be
| developed, ALL security breaches need to be detailed and tabulated then
| analyzed by actuaries and statisticians to build up a risk matrix.
|
| Even CA's legislation does not do, nor was it intended, to do that.
[...]
| themselves from hackers. On the hand, enterprises are AWFUL at protecting
| themselves from disgruntled employees and other internal risks.
|
| Until we measure ALL such risks, we shall never know where to spend our
| money.
|
| CA legislation is very wide of that mark.
|

While you're right in that measuring risks helps us assign resources to where they're useful, and to ensure that they're spent well, the CA legislation is not intended to do that. It's intended to correct an information imbalance, which is that companies collect information about you, and then have no motive to protect it. If it's stolen, you'll never know. By requiring reporting, customers may gain in ability to use security to choose where they do business.

Adam
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards