[Dataloss] time to name names (was Re: MORE BNY (Mellon Corp)Tape s lost)

Sat Jun 7 00:17:15 UTC 2008

As a legitimate company, the street value of an identity is meaningless, unless one plans to sell identities.

Executives and Risk Managers need to focus on the regulatory and punitive damage costs of a breach.       Who cares if a full identity goes for $20 if you'll end up paying $125 for losing it?

The only use I have ever found for the data is to illustrate a thief's financial incentive to attack a given system, while attempting to justify hardening it.

-----Original Message-----
From: "Paul Ferguson" <fergdawg at netzero.net>
To: "lawyer at carpereslegalis.com" <lawyer at carpereslegalis.com>
Cc: "dataloss at attrition.org" <dataloss at attrition.org>
Sent: 6/6/08 7:02 PM
Subject: Re: [Dataloss] time to name names (was Re: MORE BNY (Mellon Corp)Tape	s lost)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -- "Marjorie Simmons" <lawyer at carpereslegalis.com> wrote:

> | Even if you go with a conservative estimate that one
> | 'identity' is worth less than 20 bucks (recently stated
> | in a paper) . . .
>
>First, the worth of an identity is not the market value
of the identity, because the market is illegitimate.
>

I would suggest that is actually not the case -- while the
market for identity credentials (includes login IDs, credit
card numbers, CVV & Track 2 data, SSNs, etc.) may indeed be
illegitimate, it is thriving.

So as far as I'm concerned, the statement above on market value
is completely meaningless.

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFISc7Vq1pz9mNUZTMRAr2TAKDedtywJzO7QUv9xukUQuI1LB1ObgCeMcBD
EQrBJV23UlfpCo7UsMy6Csg=
=Z/MH
-----END PGP SIGNATURE-----

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Dataloss Mailing List (dataloss at attrition.org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml

This message and any files transmitted with it is intended solely for the designated recipient and may contain privileged, proprietary or otherwise private information. Unauthorized use, copying or distribution of this e-mail, in whole or in part, is strictly prohibited. If you have received it in error, please notify the sender immediately and delete the original and any attachments.