| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <43315169.8020406@ftusecurity.com> Date: Wed, 21 Sep 2005 08:26:17 -0400 From: "Kenneth F. Belva" <ken@...security.com> To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com Subject: Paper - How It's Difficult to Ruin a Good Name: An Analysis of Reputational Risk This paper was delivered as the keynote presentation at the FiTech Summit 2005. You may find a link to the FiTech Summit here: http://www.me-uk.com/summits/eventdetails.asp?eventID=9022 The paper asks: Given a publicly disclosed security incident, "to what extent is (or isn't) investor confidence shaken? In other words, why is it the case that information security incidents do not appear to have a greater impact on both investor confidence as well as the public at large? To phrase the question in financial terms: why isn't the top line effected more than it is? To poignantly highlight this phenomena we ask: If 40 million customer credit card numbers are exposed in a security breach at the credit card processor CardSystems , why do a significant number people not cancel their Visa and/or Mastercard?" A copy of the presentation may be found here: http://www.ftusecurity.com/pub/FiTechSummit_final_paper.pdf This paper should be regarded as a starting point for further, positive discussion. Sincerely, Kenneth F. Belva, CISSP http://www.ftusecurity.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists