funsec mailing list archives
Re: [privacy] Fwd: [Dataloss] (SAIC update) 900,000 health records possibly compromised
From: "Brian Loe" <knobdy () gmail com>
Date: Sat, 21 Jul 2007 10:18:45 -0500
On 7/20/07, Dave Paris <dparis () w3works com> wrote:
> I've worked for one of Tricare's competitors. Nothing new under the sun. These people wouldn't know security if it dropped on their heads like an anvil. Hell, I had to bring my own taps and hardware in because I couldn't get a budget for *any* security. When I walked out, so did any sense of monitoring and the hardware to do it.
I've worked for a competitor as well - and while they hadn't yet taken on any government work/data, they were looking at it (and scared all to hell about it, via a strong inability to understand what it was). Truth is, either regulation is mostly just paperwork. If you can make your paperwork look good and complete, you're probably golden - even in the case of a breach. Too true, though, that data security doesn't appear to be a major concern of any of these companies. My previous employer has a guy with the title of "data security officer" but he works as a project manager. I met him only once, in a meeting about DITSCAP, and he was COMPLETELY clueless on anything to do with security or regulatory compliance. And, as I said, I met him only once even though my team were the ones driving the security ship (if you want to call it that, we controlled the firewalls, proxies, etc.). Since I left, that company has sorta "forgotten" that there is a syslog server on the network - having disabled the alerts it sent out, there's not much to remind them of it either. The monitoring software I can only hope they're still using...