Full Disclosure mailing list archives
Re: Soft-Chewy insides (was: CyberInsecurity: The cost of Monopoly)
From: Michael Scheidell <scheidell () secnap net>
Date: Mon, 29 Sep 2003 08:23:40 -0400 (EDT)
<rant> The problem is that there is no accountability at the top for allowing systems to be run in an insecure manner. It seems that neither Boards of Directors nor C-level corporate officers understand that, these days, a significant chunk of the risk that they need to manage arises out of their use of IT systems. Either that, or there is no impetus to *really* manage risk at any level. This is not rocket science. It is risk management. Risk is not being managed top-down in any structured
The Sarbanes-Oxley Act has also been called 'the Lawyers Full-Employment Act'. Big fines and jail time if a CFO signs 'zee paper' that says (or implies) among other things that no unauthorized 'acquisition' of financial assets (Betty Joe at the front desk can't read financial docs, memos, spreadsheets, general ledger, journal entries, confidential information, etc.) for public companies.
HIPAA violations can not only result in jail time, but the individual company that is non-compliant can have Medicare payments withheld (as well as fines and jail time).
GLBA (for financial institutions: that includes your stock broker and 2-man mom and pop mortgage company!) specifies fines and jail time as well.
These fines and jail time will directly target the C/Board level, and only indirectly affect the security teams (they may lose their jobs when the company they work for goes bankrupt).
It's only a matter of time before the lawyers finish up with big tobacco and move on to SARBOX/HIPAA and GLBA work.
My $0.02.
I'll see you that .02/c and raise you 5 million dollars (the Maximum fine under SARBOX)
--
Michael Scheidell, CEO
SECNAP Network Security, LLC
Sales: 866-SECNAPNET / (1-866-732-6276)
Main: 561-368-9561 / www.secnap.net
Looking for a career in Internet security? http://www.secnap.net/employment/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html