RE: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]

MHawkins_at_TULLIB.COM
Date: 09/03/04

    To: paul@compuwar.net, Mike.Stailey@henryschein.com
    Date: Fri, 3 Sep 2004 13:50:13 -0400
    
    

    Mike,

    > Mike - In CA all public companies must disclose any security breaches.

    This is not true. Security breaches WHERE CUSTOMER INFORMATION was
    compromised must be reported.

    My point is that, for an accurate picture of costs and risks to be
    developed, ALL security breaches need to be detailed and tabulated then
    analyzed by actuaries and statisticians to build up a risk matrix.

    Even CA's legislation does not do, nor was it intended to do, that.

    CA's legislation primarily is intended to indirectly protect privacy. There
    is no DIRECT incentive. It's indirect. This is the same problem I was referring
    to. Hackers provide a direct incentive to organizations to protect their
    networks. Surprise, surprise, enterprises are fairly good at protecting
    themselves from hackers. On the other hand, enterprises are AWFUL at protecting
    themselves from disgruntled employees and other internal risks.

    Until we measure ALL such risks, we shall never know where to spend our
    money.

    CA legislation is very wide of that mark.

    Mike H

    -----Original Message-----
    From: Paul D. Robertson [mailto:paul@compuwar.net]
    Sent: Friday, September 03, 2004 1:43 PM
    To: Stailey, Mike
    Cc: Hawkins, Michael; mjr@ranum.com; firewall-wizards@honor.icsalabs.com
    Subject: RE: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]

    On Wed, 1 Sep 2004, Stailey, Mike wrote:

    > Mike - In CA all public companies must disclose any security breaches.
    > Also, we now have the Sarbanes/Oxley act for publicly held companies.
    > Yes, it's got a long way to go but like in Paul's prior posts - it's
    > definitely a start in the right direction.
    >
    > Anyway, that's my story and I'm sticking to it...

    Isn't it bad though, that these regulations are coming from outside of our
    field? Shouldn't we be the ones lobbying and drafting and providing
    guidance?

    Maybe the costs will make businesses shy away from practitioners who would
    advocate more regulation, but maybe that's the revolution we need in this
    field to gain the next level of effectiveness?

    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson
    paul@compuwar.net
    "My statements in this message are personal opinions
    which may have no basis whatsoever in fact."
    probertson@trusecure.com Director of Risk Assessment TruSecure Corporation
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

