Home page logo
/

basics logo Security Basics mailing list archives

Re: Actual Security Cases
From: "Jeffrey C. Keyser" <jkeyser () poss com>
Date: Fri, 07 Feb 2003 17:03:36 -0500

There are stories in the media of identity theft, mass credit card fraud and various forms of industrial espionage on least a monthly basis.

The bigger issue is that security MUST come from top down. I'm not sure of the of laws in your corner of the globe, but you may be able to convince him of his personal liability if information assets for which he's responsible are compromised. Even if he/she isn't legally liable for the compromised information, your organization may (spelled should) still hold this person responsible.

In the US we have HIPAA, which governs the handling of personal information. Building on your AOL example...If a physician Emails a patient's medical information "in the clear" he/she could be facing serious legal repercussions.

If you need to convince this idiot of the importance of protecting his/her information assets, it may be time to start looking for a new job. You don't want to get caught "holding the bag". At a minimum keep a paper trail to protect yourself WHEN the compromise occurs.

Good luck.




At 08:23 PM 1/29/2003 +0100, ullmic6 () web de wrote:
Does anybody know a good internet source of actual security related real life cases? I know that it's a risk to forward corporate mail to internet e-mail account like AOL or gmx. But I need a case like "in january 2001 the aol accounts of xyz got cracked and a lot of confidential data was published by some hackers on the internet" to convince a manager who thinks the risk is just theoretical and nothing ever happened. I would like to have such stories for different threats (no remote access via modem, no weak passwords, no unenecrypted data on laptops,...). In my opinion the stories in the book "Tangled Web" are just a starting point (some of them are not easy enough for managers).

--
<- ullmic6 ->






  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault