BreachExchange mailing list archives
Re: They Take it Seriously? Oh, Sure
From: "Sean Steele" <SSteele () infolocktech com>
Date: Wed, 10 Jan 2007 09:41:28 -0500
Not to sound flippant, but would do we expect them to say? Spin control is spin control, and PR wonks and in-the-crosshairs execs will continue to say the only thing they can say -- namely, that they take security very seriously. Such is life, right? What I'd like to see is regulatory and civil penalties levied at the offending organizations, done in a "very serious" way. -- Sean Steele, CISSP infoLock Technologies 703.310.6478 direct 202.270.8672 mobile ssteele () infolocktech com -----Original Message----- From: dataloss-bounces () attrition org [mailto:dataloss-bounces () attrition org] On Behalf Of B.K. DeLong Sent: Wednesday, January 10, 2007 9:20 AM To: Richard Forno Cc: dataloss () attrition org Subject: Re: [Dataloss] They Take it Seriously? Oh, Sure That would be an interesting data point to collect - how many incidents had a corporate wonk saying something to the effect of "very seriously" or "extremely seriously". On 1/10/07, Richard Forno <rforno () infowarrior org> wrote:
They Take it Seriously? Oh, Sure January 9th, 2007 by Dan Gillmor (I originally wrote this for PR Week magazine.) Several weeks ago, UCLA acknowledged that some of its computers had been hacked. Obeying a state law, it notified more than 800,000 people that their personal data, including Social Security numbers, might have ended up in the wrong hands. The fact that the data got loose wasn¹t all that striking. Unfortunately, that¹s all too common. What struck me was this statement from a hapless UCLA honcho: ³We have a responsibility to safeguard personal information, an obligation that we take very seriously.² When and where have I heard that before? All kinds of times and places, actually. It¹s becoming a mantra that means almost nothing. Try this: Plug ³we take² and ³very seriously² into a Google News or Yahoo News search. You¹ll get hundreds of hits, albeit some repeats, where some big institution - corporate, educational, government, whatever - makes a giant blunder and then issues a ³we take (insert the violated policy) very seriously² statement. < - > http://citmedia.org/blog/2007/01/09/they-take-it-seriously-oh-sure/ _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 143 million compromised records in 529 incidents over 6 years.
-- B.K. DeLong (K3GRN) bkdelong () pobox com +1.617.797.8471 http://www.wkdelong.org Son. http://www.ianetsec.com Work. http://www.bostonredcross.org Volunteer. http://www.carolingia.eastkingdom.org Service. http://bkdelong.livejournal.com Play. PGP Fingerprint: 38D4 D4D4 5819 8667 DFD5 A62D AF61 15FF 297D 67FE FOAF: http://foaf.brain-stream.org _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 143 million compromised records in 529 incidents over 6 years. _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 143 million compromised records in 529 incidents over 6 years.
Current thread:
- They Take it Seriously? Oh, Sure Richard Forno (Jan 10)
- Re: They Take it Seriously? Oh, Sure B.K. DeLong (Jan 10)
- Re: They Take it Seriously? Oh, Sure George Toft (Jan 11)
- Re: They Take it Seriously? Oh, Sure Adrian Sanabria (Jan 20)
- <Possible follow-ups>
- Re: They Take it Seriously? Oh, Sure Sean Steele (Jan 10)
- Message not available
- Message not available
- Re: They Take it Seriously? Oh, Sure B.K. DeLong (Jan 10)
- Message not available