Full Disclosure mailing list archives
Re: Undisclosed breach at major US facility
From: "Stefan Keller" <stefan.keller () gmail com>
Date: Wed, 5 Jul 2006 08:18:57 +0200
The cost/benefit analysis is exactly why the "Oh, but I have so many computers and so little budget" philosophy is dead wrong here.

- There is no reason why sensitive personal data should be accessible on each and every one of your thousands of computers. And there is no reason why all your clients should look the same and have the same level of security. Introducing different security levels in your infrastructure (e.g. having "more secure zones") should be the approach here, not complaining that encrypting all and every kit costs so much. Getting caught, punished, blamed and thrown in jail *should* be part of that cost/benefit analysis.

- So I just hope that we'll see some real stiff penalties soon.

- Stefan

If you look at introducing different security levels in your infrastructure, you'll see that

On 7/5/06, Q-Ball <qballus () gmail com> wrote:

Security is simply a cost/benefit exercise at the end of the day. No one implements security just to feel better about themselves.

On 7/5/06, Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu> wrote:
> On Wed, 05 Jul 2006 00:25:15 EDT, Stack Smasher said:
> Like I said, shareholder value and profit plays a huge role in people
> getting off their ass and doing something to help the general public,
> seeing as how you have mostly worked at a university you don't have an
> executive board screaming at you

Universities have their equivalent of executive boards, trust me.