Message-ID: <20030929122340.58E5738108@mail.secnap.net>
From: scheidell at secnap.net (Michael Scheidell)
Subject: Soft-Chewy insides (was: CyberInsecurity: The cost of Monopoly)

> 
> <rant>
> The problem is that there is no accountability at the top for allowing 
> systems to be run in an insecure manner.  It seems that neither Boards 
> of Directors nor C-level corporate officers understand that, these 
> days, a significant chunk of the risk that they need to manage arises 
> out of their use of IT systems.  Either that, or there is no impetus to 
> *really* manage risk at any level.  This is not rocket science.  It is 
> risk management.  Risk is not being managed top-down in any structured 

The Sarbanes-Oxley act has also been called 'the Lawyers' Full-Employment
Act'.  Big fines and jail time if a CFO signs 'zee paper' that says (or
implies), among other things, that there is no unauthorized 'acquisition' of financial
assets (Betty Joe at the front desk can't read financial docs, memos,
spreadsheets, general ledger, journal entries, confidential
information, etc.) for public companies.

HIPAA violations can not only result in jail time, but the individual
company that is non-compliant can have Medicare payments withheld (as well
as fines and jail time).

GLBA (for financial institutions: that includes your stock broker and the
2-man mom-and-pop mortgage company!) specifies fines and jail time as well.

These fines and jail time will directly target the C/Board level, and only
indirectly affect the security teams (they may lose their jobs when the
company they work for goes bankrupt).

It's only a matter of time before the lawyers finish up with big tobacco
and move on to SARBOX/HIPAA and GLBA work.
> 
> My $0.02.

I'll see you that $0.02 and raise you 5 million dollars (the maximum fine
under SARBOX).

-- 
Michael Scheidell, CEO
SECNAP Network Security, LLC 
Sales: 866-SECNAPNET / (1-866-732-6276)
Main: 561-368-9561 / www.secnap.net
Looking for a career in Internet security?
http://www.secnap.net/employment/

