Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Arshad Noor (arshad.noorstrongauth.com)
Date: Mon Aug 18 2008 - 22:52:12 CDT
Hear, hear! I, overwhelmingly, agree with macwheel99.
When people start taking personal responsibility for the
proper execution of their jobs and business mandates, we
can then expect to see a reduction of such breaches.
However, based on the number of data-loss reports I get
on this forum weekly, I am not optimistic that there are
sufficient people who take this responsibility seriously.
Therefore, the only way for companies to take our personal
data seriously is through legislation that has serious
consequences for failure to protect that data.
> A company can buy some computer system and not install, or manage, it
> I am more interested in whether they had any PCI audits or other security
> audits, and what if anything the audits had to say about their state of
> security preparedness.
> Here's what went wrong at TJX Max (click on preview to see document filed by
> 5/3 bank auditor AFTER the mess.) http://www.box.net/shared/ieae3qfqj9
> This is quite an eye-opener ... they had perfectly good computer systems,
> but at some level of company leadership, there was no conception of their
> security responsibilities, what it meant to be PCI compliant.
> There were TWELVE cyber security standards applicable to TJX.
> They had met THREE of them.
> Buying and installing computer systems is not enough.
> There has to be informed management of that systems have been properly
> implemented, are doing the job they are intended to do, and continue to do
> so, after any upgrades to related systems.
> When that does not happen, we cannot blame the computer vendors. That's like
> blaming an auto manufacturer because a drunk is driving around, on a flat
> tire, with broken lights.
Dataloss Mailing List (datalossattrition.org)
Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!