Message-ID: <20030929122340.58E5738108@mail.secnap.net>
From: scheidell at secnap.net (Michael Scheidell)
Subject: Soft-Chewy insides (was: CyberInsecurity: The cost of Monopoly)
>
> <rant>
> The problem is that there is no accountability at the top for allowing
> systems to be run in an insecure manner. It seems that neither Boards
> of Directors nor C-level corporate officers understand that, these
> days, a significant chunk of the risk that they need to manage arises
> out of their use of IT systems. Either that, or there is no impetus to
> *really* manage risk at any level. This is not rocket science. It is
> risk management. Risk is not being managed top-down in any structured

The Sarbanes-Oxley Act has also been called 'the Lawyers Full-Employment
Act'. Big fines and jail time if a CFO signs 'zee paper' that says (or
implies) among other things that no unauthorized 'acquisition' of financial
assets (betty joe at the front desk can't read financial docs, memos,
spreadsheets, general ledger, journal entries, confidential
information, etc) for public companies.

HIPAA violations can not only result in jail time, but the individual
company that is non-compliant can have Medicare payments withheld (as well
as fines and jail time).

GLBA (for financial institutions: that includes your stock broker and 2
man mom and pop mortgage company!) specifies fines and jail time as well.

These fines and jail time will directly target the C/Board level, and only
indirectly affect the security teams (they may lose their jobs when the
company they work for goes bankrupt).

It's only a matter of time before the lawyers finish up with big tobacco
and move on to SARBOX/HIPAA and GLBA work.

>
> My $0.02.

I'll see you that .02/c and raise you 5 million dollars (the maximum fine
under SARBOX).

--
Michael Scheidell, CEO
SECNAP Network Security, LLC
Sales: 866-SECNAPNET / (1-866-732-6276)
Main: 561-368-9561 / www.secnap.net
Looking for a career in Internet security?
http://www.secnap.net/employment/