Re: [Full-disclosure] Should I Be Worried?



Sol Invictus wrote:

And THAT, my friends, is why it IS so hard! People know that if it's only one person that knows about it, sooner or later they will shut up and move on. If you're gonna watch your stuff anyway, why not contact the credit bureaus and put an alert on your file and then go FD!

In the words of our forefathers, "United we Stand! Divided we fall!"

Thank you for being one of the sheep that makes the rest of our jobs harder.


Not everyone's cut out for that kind of responsibility. People have different considerations and things that drive them.

The reason it's so hard is not for lack of talking but rather for lack of caring. Having worked in both the educational and corporate world, I can say, beyond a shadow of a doubt, that what we say here doesn't really reach them for the most part. It reaches software producers, yes... and that was my original point. Appointment jobs are CYA jobs and band-aids are better than fixes in those situations.

The best way to affect that kind of change is to change the corporate culture -- which is a lot harder than it looks.

Many certified security professionals are taught that risk management is all about cost versus loss. It's like in Fight Club... it's the formula. a + b + c == x. If x is less than the cost of combined losses then companies don't fix it because it's counterproductive. It's roughly the same in organizations like universities, only sometimes worse, because there are all manner of divisions of labor and decisions made and deals appropriated that are there just for internal politics and job security for certain individuals.

What has to be considered is the fact that cost, in this case, is from the side of the institution. My bank account, for instance, means a lot more to me than it does to my bank. To my bank, I'm a very small percentage of the funds they hold. To me, my bank account is my ability to pay my rent this month.

The whole situation won't change until the corporate culture changes to stop being selfish and start considering the interests of the customer. And we're a long way away from that happening, unfortunately.

-bkfsec

p.s. I understand what you're saying, though... that our voices increase the combined cost to the organization driving them harder to fix things... this is true... but many organizations will just try to shift those costs back to you through legal means. We have to pick and choose our battles.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


