Re: Feds pursue secrecy for corporate victims of hacking

[InfoSec News <isn () c4i org>]

Forwarded from: DKezer () dyncorp-dc com

This policy from the FBI provides no relief from current corporate
responsibilities, it just gives the assurance that the FBI will not
release any data they are given (the believability of that policy is
another topic).  The company still has the same obligation to
shareholders, depositors, or investors it had before this policy was
stated.

Dennis Kezer

From: InfoSec News <isn () c4i org>

Date: Monday, November 4, 2002 1:30 am

Subject: Re: [ISN] Feds pursue secrecy for corporate victims of hacking

> Forwarded from: huggins () airmail net
>
> Let me see if I get this right
>
> I'm xyz bank I haven't taken the initiative to hire a security mangaer
> or have hired one but, pay them minimum, they tell me I need to fix
> security holes I say nah to expensive. I get hacked, my user data
> base and credit card information is stolen. Numerous account users
> identities are stolen but, because I report it to the FBI I dont need
> to disclose it to my stake holders, or customers at will. Hmmm!
> sounds great rob me again. 
>
> > http://www.nandotimes.com/technology/story/601028p-4652104c.html
> >
> > By TED BRIDIS, Associated Press
> >
> > WASHINGTON (October 31, 2002 6:36 p.m. EST) - Senior law enforcement
> > officials assured technology executives Thursday that government
> > will increasingly work to keep secret the names of compan.

[...]

> > "The mere calling of us in an investigation can have an adverse
> > impact on the image of your company," said Mueller, who has made
> > cybercrime an FBI priority. In exchange for this protection, Mueller
> > said, companies should more frequently admit to the FBI when they
> > are victims of hacking. "You're not enabling us to do the job," he
> > said.


[...]



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.