Dailydave mailing list archives

Re: Fair and Balanced part 2!


From: Jeffrey Walton <noloader () gmail com>
Date: Fri, 10 Jun 2011 21:08:05 -0400

On Thu, Jun 9, 2011 at 12:21 PM, joe mendez <sec.mendez () gmail com> wrote:
> I would just like to add that from what I have noticed; accountability is
> the one element that is missing from write-ups
> and reports, which I believe instills conformity and motivation into
> employees "And" companies to work more securely...
I think I've heard it phrased as, "risk is democratized, reward is
privatized" (unfortunately, I can't properly attribute). From 10,000
feet it does not really make sense - shareholders suffer when
executives fail and the executives are rewarded. I feel the problem is
rooted in the politicians who pass the legislation which allows it to
happen. I strongly suspect it has something to do with PAC
contributions (I consider them bribes).

A perfect case in point: Goldman Sachs. The firm donated over 1M USD
to Obama's presidential run. Before Obama's donations, the company set
up a rating firm to call the junk mortgages "good" so others would
buy, while going short on the same [junk] instruments it was peddling.
After the global meltdown, Obama boasted (at a banker's lunch), "My
administration is the only thing saving you [sic: the bankers] from
the pitchforks of the American people".

To date, I'm only aware of a SEC investigation which settled at ~500M
USD, and nothing criminal from either the SEC or the DoJ. There are
some rumblings of a criminal investigation now, but 1M USD purchased a
lot of political protection (see
http://www.goldmansucs.com/2011/04/14/goldman-sachs-chief-could-face-criminal-prosecution-for-role-in-financial-crisis/).

> I've yet to hear anyone losing their job at SONY for the attacks and losses
> they are and will continue to endure....
> Oh, and let's not forget about SONY customers and the risks and problems they
> have to face.
Sony has a chronic (and apparently progressive) history of security
related ailments. See Security Curmudgeon's timeline at
http://attrition.org/security/rants/sony_aka_sownage.html. One of the
earliest documented events is from the late 1990s.

> /* I could have missed a headline where SONY paid for all the damages to its
> customers.......and fixed all their security problems */
It does not appear so. Sony set aside 171M USD for the first incident.
After lawyers take their share, it works out to less than $2 USD per
record (individual?) for credit monitoring, etc, etc.

> It's no surprise that there's a lot that goes into security whether it be
> physical, network, policy,
> application, employee security awareness education, risk
> assessments, etc., etc.
>
> If a government or company doesn't understand what encompasses security then
> it will be just a matter of time before they are caught with their pants down.

On the other hand, I bet there are governments and companies that do
understand all the above and still get owned.
Perhaps government prefers the insecurities: "I, Cringely: When
Engineers Lie",
http://linuxbox.org/pipermail/funsec/2011-June/026763.html.

> I guess it all boils down to if a group or individual has a will, they will
> find a way....

Jeff
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave
