[Dataloss] [follow-up] Boeing fires employee whose laptop was stolen

blitz blitz at strikenet.kicks-ass.net
Mon Dec 18 13:46:49 EST 2006


>A moot point to the corporate mindset, the question they should need 
>to be asking themselves, is "Can I afford 5 years in prison and a 
>$100,000 fine" for NOT using best of breed technology to secure PII 
>data. Can I PROVE due diligence in a court of law?
>Corporate clones only care about the bottom line, the effects of 
>their misdeeds or incompetence are immaterial without teeth. They 
>don't give a rat's rectum about the effects on anyone but 
>themselves. Bad PR blows over. Thus we have to make the possibility 
>of them getting VERY screwed over VERY real, or few will take it 
>seriously. The lack of what happened to the "fired employee's" BOSS 
>is the salient point here, they found a sacrificial lamb, oh 
>well....the corporate policy on security etc. is what merits public 
>scrutiny. THAT's managerial and missing from the story. When we find 
>mid-level managers going to a jail cell, then the problem MIGHT be 
>taken seriously.


>Follow-up questions could focus on determining if the company is even
>aware of the costs to the consumer who is a victim of identity theft. I
>personally have found my best success at penetrating the corporate
>bureaucratic mindset is when I can make the employee think of himself as
>the victim of the theft.
>
>It's really important to try to understand the motivations of the entire
>team, and what their goals are. Understanding what the employees are
>trying to do is important, but understanding why they are trying to do it sure
>makes security a lot easier to design & implement.
>
>Andy Dail
>Sunoco PCI Project Manager