Re: [Full-disclosure] Fwd: Rate Stratfor's Incident Response



On Sat, Jan 7, 2012 at 5:42 PM, <Valdis.Kletnieks@xxxxxx> wrote:

It matters a lot less than you think. Go look at Sony's stock price while they
were having their security issues - it was already sliding *before* PSN got hacked,
but continued sliding at the *exact same rate* for several months, with no visible


Indeed. It is surprising to me that customers don't care more about this
than they do. But the customer, in the end, doesn't seem particularly
concerned about their personal data. If they did they would stop buying,
revenue would fall, and stock price would fall.

As high priority as the IT Sec people usually think it should be, or as high
priority as a cold hard-line analysis of business cost/benefits says it should
be? IT people tend to be *really* bad at estimating actual bottom-line costs.


I can perfectly understand the cold rationalizing of ROI on issues of
security expense. I am much less forgiving of companies who constantly say
(and they all do) that they take great care with your data, won't share it
with anyone else, implement great security, etc. Then they are owned by
some stupid means such as a flawed and out of date Internet-facing webapp
and proven to be liars.

I wish there were far more punitive punishments for customers to pursue to
help shift the ROI towards providing more security.

Bob
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
