[Dataloss] CTS: Thief Steals Tax Records
B.K. DeLong
bkdelong at pobox.com
Sun Feb 4 14:27:54 EST 2007
Data Loss and Compliance is all a game of Risk......Management. The
CPAs and other folk all get together to calculate at what point an
incident would be an unacceptable cost. That becomes the threshold to
determine just how much they're willing to comply - both from a "CNN
moment" the result of a breach and a fine due to lack of compliance.
The "loss of reputation" might encourage more awareness but the key is
to get inside their head.
Though keep in mind, with each younger generation the better the BS meter. ;)
On 2/4/07, Adam Shostack <adam at homeport.org> wrote:
> So without meaning any disrespect George, I think that there are
> multiple fair interpretations of what's happened.
>
> 1) Arizona CPAs don't care.
> 2) Arizona CPAs saw your ads and decided that the risk wasn't that
> high. (No comment on the quality of the risk assessment.)
> 3) Arizona CPAs said "he's trying to drum up business" and let that
> color their risk assessment
>
> Similarly, your claim earlier "There was virtually no interest on the
> part of the CPAs to protect their customers' information"
>
> 1) could be true
> 2) could be that the CPAs don't know how to differentiate themselves
> on this basis.
> 3) could be that your telemarketer stinks.
>
> I'm glad to have you on the list and discussing your experience.
> Please don't take this as anything more than an attempt to offer
> alternate hypotheses.
>
> Adam
>
> On Sun, Feb 04, 2007 at 11:37:36AM -0700, George Toft wrote:
> | We tried to alert them all. We published articles and ads in the
> | Arizona Society of CPA magazine.
> |
> | George Toft, CISSP, MSIS
> | My IT Department
> | www.myITaz.com
> | 623-203-1760
> |
> | Confidential data protection experts for the financial industry.
> |
> |
> | blitz wrote:
> | > So one would/might postulate at this point the thieves are selecting
> | > smaller targets, with less names and info. Especially ones with less
> | > security, and obviously more to lose should they be compromised.
> | >
> | > There should be an alert to them all.
> | >
> | >
> | > At 23:39 2/3/2007, you wrote:
> | >
> | >> I would expect to see more of these. I met an accountant in Phoenix
> | >> that had just her hard drives stolen - guess what the thief was after?
> | >>
> | >> This is a sore point for me - we hired a telemarketer to call every CPA
> | >> in Phoenix. There was virtually no interest on the part of the CPAs to
> | >> protect their customers' information from this type of event.
> | >>
> | >> BTW - 800 people for one firm means it's a small firm.
> | >>
> | >> George Toft, CISSP, MSIS
> | >> My IT Department
> | >> www.myITaz.com
> | >> 623-203-1760
> | >>
> | >> Confidential data protection experts for the financial industry.
> | >>
> | >>
> | >> Dissent wrote:
> | >> > http://www.wndu.com/news/headlines/5530966.html
> | >> >
> | >> > Eight hundred people are in jeopardy of having their credit ruined,
> | >> > because thieves in the night stole their personal information from a
> | >> > Cassopolis tax preparer.
> | _______________________________________________
> | Dataloss Mailing List (dataloss at attrition.org)
> | http://attrition.org/dataloss
> | Tracking more than 146 million compromised records in 562 incidents over 7 years.
> |
--
B.K. DeLong (K3GRN)
bkdelong at pobox.com
+1.617.797.8471
http://www.wkdelong.org Son.
http://www.ianetsec.com Work.
http://www.bostonredcross.org Volunteer.
http://www.carolingia.eastkingdom.org Service.
http://bkdelong.livejournal.com Play.
PGP Fingerprint:
38D4 D4D4 5819 8667 DFD5 A62D AF61 15FF 297D 67FE
FOAF:
http://foaf.brain-stream.org