Full Disclosure mailing list archives
Re: Corporate Information Security Accountability Act of 2003
From: Peter van den Heuvel <peter () bank-connect com>
Date: Tue, 04 Nov 2003 11:25:15 +0100
LOL. And more, who would do the audit? I've seen _far_ more audit reports that aren't worth shit than reports that come close to being reasonable. Maybe it would make better sense to require such companies to publicize their security incidents; enable the shareholders to draw their own conclusions. Not that it would change anything of course; Microsoft security status being not particularly secret.

And who's going to enforce this? Something to consider, this could mean that you could face criminal charges if you stated that your network was secure and an independent audit team belonging to the DOJ proved otherwise - that'd land a lot of execs in jail (including Gates). Want to get your CEO put in jail? Just open up that telnet port.
http://www.computerworld.com/securitytopics/security/story/0,10801,86455,00.html?nas=PM-86455
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html