[Dataloss] [follow-up] Boeing fires employee whose laptop was stolen
blitz
blitz at strikenet.kicks-ass.net
Mon Dec 18 13:46:49 EST 2006
>A moot point to the corporate mindset, the question they should need
>to be asking themselves, is "Can I afford 5 years in prison and a
>$100,000 fine" for NOT using best of breed technology to secure PII
>data. Can I PROVE due diligence in a court of law?
>Corporate clones only care about the bottom line, the effects of
>their misdeeds or incompetence are immaterial without teeth. They
>don't give a rat's rectum about the effects on anyone but
>themselves. Bad PR blows over. Thus we have to make the possibility
>of them getting VERY screwed over VERY real, or few will take it
>seriously. The lack of what happened to the "fired employee's" BOSS
>is the salient point here, they found a sacrificial lamb, oh
>well....the corporate policy on security etc. is what merits public
>scrutiny. THAT's managerial and missing from the story. When we find
>mid-level managers going to a jail cell, then the problem MIGHT be
>taken seriously.
>Follow-up questions could focus on determining if the company is even
>aware of the costs to the consumer who is a victim of identity theft. I
>personally have found my best success at penetrating the corporate
>bureaucratic mindset is when I can make the employee think of himself as
>the victim of the theft.
>
>It's really important to try to understand the motivations of the entire
>team, and what their goals are. Understanding what the employees are
>trying to do is important, but understanding why they are trying to do it sure
>makes security a lot easier to design & implement.
>
>Andy Dail
>Sunoco PCI Project Manager