BreachExchange mailing list archives
Re: [follow-up] Boeing fires employee whose laptop was stolen
From: blitz <blitz () strikenet kicks-ass net>
Date: Mon, 18 Dec 2006 13:46:49 -0500
A moot point to the corporate mindset, the question they should need to be asking themselves, is "Can I afford 5 years in prison and a $100,000 fine" for NOT using best of breed technology to secure PII data. Can I PROVE due dilligance in a court of law? Corporate clones only care about the bottom line, the effects of their misdeeds or incompetence is imaterial without teeth. They don't give a rat's rectum about the effects on anyone but themselves. Bad PR blows over. Thus we have to make the possibility of them getting VERY screwed over VERY real, or few will take it seriously. The lack of what happened to the "fired employee's" BOSS is the salient point here, they found a sacrificial lamb, oh well....the corporate policy on security etc. is what merits public scrutny. THAT's managerial and missing from the story. When we find mid-level managers going to a jail cell, then the problem MIGHT be taken seriously.
Follow-up questions could focus on determining if the company is even aware of the costs to the consumer who is a victim of identity theft. I personally have found my best success at penetrating the corporate bureaucratic mindset is when I can make the employee think of himself as the victim of the theft. It's really important to try to understand the motivations of the entire team, and what their goals are. Understanding what the employees are trying do is important, but understanding why they are trying do it sure makes security a lot easier to design & implement. Andy Dail Sunoco PCI Project Manager
_______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 143 million compromised records in 512 incidents over 6 years.
Current thread:
- Re: [follow-up] Boeing fires employee whose laptop was stolen DAIL, ANDY (Dec 18)
- Message not available
- Re: [follow-up] Boeing fires employee whose laptop was stolen blitz (Dec 18)
- Message not available