Penetration Testing mailing list archives

Re: Heartland Gets Religion on Security


From: security curmudgeon <jericho () attrition org>
Date: Sat, 20 Jun 2009 21:09:57 +0000 (UTC)


: I agree. Over at DataLossDB, I inquired about adding a column for the 
: firm(s) performing the audit in an attempt to [possibly] correlate 
: breaches with firms. Unfortunately, DataLossDB did not feel they had the 
: resources to accommodate. I can't help but feel there is an Enron/Arthur 
: Andersen relationship among some of these folks.

That is not exactly what we said =)

We said that for less than 1% of incidents we know the auditor. For the 
few that have come to light, I have been adding them as a comment to the 
entry. 

We can add a column fairly easily, but it will end up being almost 
completely empty. Such columns generate more questions and complaints than 
they're worth sometimes.

If anyone can demonstrate that the auditor's name is easy to obtain or 
will help us with the research, it may speed up the decision to add it.

Brian
DatalossDB.org
