Re: Actual Security Cases
From: "Jeffrey C. Keyser" <jkeyser () poss com>
Date: Fri, 07 Feb 2003 17:03:36 -0500
There are stories in the media of identity theft, mass credit card fraud
and various forms of industrial espionage on at least a monthly basis.
The bigger issue is that security MUST come from top down. I'm not sure
of the laws in your corner of the globe, but you may be able to
convince him of his personal liability if information assets for which
he's responsible are compromised. Even if he/she isn't legally liable
for the compromised information, your organization may (spelled should)
still hold this person responsible.
In the US we have HIPAA, which governs the handling of personal
information. Building on your AOL example... If a physician emails a
patient's medical information "in the clear" he/she could be facing
serious legal repercussions.
If you need to convince this idiot of the importance of protecting
his/her information assets, it may be time to start looking for a new
job. You don't want to get caught "holding the bag". At a minimum keep a
paper trail to protect yourself WHEN the compromise occurs.
At 08:23 PM 1/29/2003 +0100, ullmic6 () web de wrote:
Does anybody know a good internet source of actual security related real
life cases? I know that it's a risk to forward corporate mail to
internet e-mail accounts like AOL or gmx. But I need a case like "in
January 2001 the AOL accounts of xyz got cracked and a lot of
confidential data was published by some hackers on the internet" to
convince a manager who thinks the risk is just theoretical and nothing
ever happened. I would like to have such stories for different threats
(no remote access via modem, no weak passwords, no unencrypted data on
laptops,...). In my opinion the stories in the book "Tangled Web" are
just a starting point (some of them are not easy enough for managers).
<- ullmic6 ->