BreachExchange mailing list archives

Re: They Take it Seriously? Oh, Sure


From: "Sean Steele" <SSteele () infolocktech com>
Date: Wed, 10 Jan 2007 09:41:28 -0500

Not to sound flippant, but what do we expect them to say?  Spin control is spin control, and PR wonks and 
in-the-crosshairs execs will continue to say the only thing they can say -- namely, that they take security very 
seriously. Such is life, right?

What I'd like to see is regulatory and civil penalties levied at the offending organizations, done in a "very serious" 
way.

--
Sean Steele, CISSP
infoLock Technologies
703.310.6478  direct
202.270.8672  mobile
ssteele () infolocktech com

-----Original Message-----
From: dataloss-bounces () attrition org [mailto:dataloss-bounces () attrition org] On Behalf Of B.K. DeLong
Sent: Wednesday, January 10, 2007 9:20 AM
To: Richard Forno
Cc: dataloss () attrition org
Subject: Re: [Dataloss] They Take it Seriously? Oh, Sure

That would be an interesting data point to collect - how many
incidents had a corporate wonk saying something to the effect of "very
seriously" or "extremely seriously".

On 1/10/07, Richard Forno <rforno () infowarrior org> wrote:
They Take it Seriously? Oh, Sure
January 9th, 2007 by Dan Gillmor

(I originally wrote this for PR Week magazine.)

Several weeks ago, UCLA acknowledged that some of its computers had been
hacked. Obeying a state law, it notified more than 800,000 people that their
personal data, including Social Security numbers, might have ended up in the
wrong hands.

The fact that the data got loose wasn't all that striking. Unfortunately,
that's all too common. What struck me was this statement from a hapless UCLA
honcho: "We have a responsibility to safeguard personal information, an
obligation that we take very seriously."

When and where have I heard that before? All kinds of times and places,
actually. It's becoming a mantra that means almost nothing.

Try this: Plug "we take" and "very seriously" into a Google News or Yahoo
News search. You'll get hundreds of hits, albeit some repeats, where some
big institution - corporate, educational, government, whatever - makes a
giant blunder and then issues a "we take (insert the violated policy) very
seriously" statement.

< - >

http://citmedia.org/blog/2007/01/09/they-take-it-seriously-oh-sure/


_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 143 million compromised records in 529 incidents over 6 years.





-- 
B.K. DeLong (K3GRN)
bkdelong () pobox com
+1.617.797.8471

http://www.wkdelong.org                    Son.
http://www.ianetsec.com                    Work.
http://www.bostonredcross.org             Volunteer.
http://www.carolingia.eastkingdom.org   Service.
http://bkdelong.livejournal.com             Play.


PGP Fingerprint:
38D4 D4D4 5819 8667 DFD5  A62D AF61 15FF 297D 67FE

FOAF:
http://foaf.brain-stream.org


