|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Dataloss] CTS: Thief Steals Tax Records
From: James Childers (james
iqbio.net)
Date: Sun Feb 04 2007 - 16:14:04 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Point taken... of course we are just talking about the "norms". There
are exceptions to every rule.
James Childers
-----Original Message-----
From: dataloss-bouncesattrition.org
[mailto:dataloss-bouncesattrition.org] On Behalf Of lyger
Sent: Sunday, February 04, 2007 2:09 PM
To: datalossattrition.org
Subject: Re: [Dataloss] CTS: Thief Steals Tax Records
Since I almost never get to jump into these discussions, please allow me
to retort.
I find a couple of the comments below to be somewhat stereotypical. "IT
guys" are generally considered to be "geeks" and nothing more, even if
they have years of experience in fields that have to deal with
regulatory
compliance issues on a daily basis. Some "IT guys" are absolutely
capable
of making business decisions, especially when the decision in question
concerns protecting their company from bad choices made by the "business
leaders" who fail to understand the basics of risk assessment and risk
management, specifically those that deal with the loss of client,
customer, or employee information.
While it may be true that "a large percentage of IT guys" aren't as
versed
in regulatory compliance as their "business leader" counterparts, the
same
can be said for the "business leaders" who aren't concerned with the
impact a data breach can have on their company and fail to enable their
"IT guys" to provide valuable input into the decision-making process.
Just my opinion.
Lyger
On Sun, 4 Feb 2007, James Childers wrote:
": " An absolute recipe for disaster is when you let the I.T. "guys"
make
": " business decisions.
": "
": " Thanks for the info.
": "
": " James Childers
": " http://www.iqbio.com
": " http://www.clipbio.com
": "
": " -----Original Message-----
": " From: George Toft [mailto:georgemyitaz.com]
": " Sent: Sunday, February 04, 2007 1:45 PM
": " To: James Childers
": " Cc: blitz; datalossattrition.org
": " Subject: Re: [Dataloss] CTS: Thief Steals Tax Records
": "
": " The FTC clearly calls out tax preparers as being required to comply
with
": "
": " GLBA (http://www.ftc.gov/bcp/conline/pubs/buspubs/glbshort.htm 3rd
": " paragraph). However, in September, 2006, CPA's were able to become
": " exempt from the privacy rule of GLBA
": " (http://www.icpas.org/icpas/ei/gbarticle.asp). They are still
required
": " to comply with the Security Rule, which nobody seems to know about.
": "
": " CPA's by nature are very tight-fisted with their money, and they
see
": " this as yet another expense that has no benefit. "If it's not
broke,
": " why should I fix it?"
": "
": " This list's members are very proactive and forward-thinking.
Securing
": " information is obvious to us, but eludes others, so they delegate
the
": " task to "the IT guy" and it's his problem because "he understands
that
": " stuff." Problem is, a large percentage of IT Guys I've spoken with
are
": " clueless about regulatory compliance and the finer art of
information
": " security.
": "
": " George Toft, CISSP, MSIS
": " My IT Department
": " www.myITaz.com
_______________________________________________
Dataloss Mailing List (datalossattrition.org)
http://attrition.org/dataloss
Tracking more than 146 million compromised records in 562 incidents over
7 years.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
_______________________________________________
Dataloss Mailing List (datalossattrition.org)
http://attrition.org/dataloss
Tracking more than 146 million compromised records in 562 incidents over 7 years.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]