Category Archives: Breach reporting

Availability Is Not Security If an Abandoned Sea Anchor Cut the Cable?

I see in some fora people are still arguing that security involves countering malicious actors, and availability alone is not security, even if people are depending on availability.

Were all those recent cable cuts in the Med. and the Persian Gulf not security issues, even though some of the affected companies are now planning to spend $300-400m on physical security to fix the problem?

If the culprit had been a Russian mobster or Al Qaeda or the CIA rather than (in one case) an abandoned ship anchor, then it would have been security, but now it’s not?

-jsq

Publicity about Internal Fraud: Still an Issue after 30 Years

Adam quotes a 30-year-old book about computer security and notes that the IRS then and now doesn’t adequately protect taxpayers’ information and promises to do better. His quote that I like best, though, is:
Top management people in large corporations fear that publicity about internal fraud could well affect their companies’ trading positions on the stock market, hold the corporation up to public ridicule, and cause all sorts of turmoil… (Computer Capers, page 72)

Computer Capers: Tales of electronic thievery, embezzlement, and fraud, by Thomas Whiteside, Ty Crowell Co., 1978

That’s why corporations fear a breach reporting reputation system. That’s also why we need one.

-jsq

Dissenting Breaches

Adam is rightly pleased as punch that people are trying to estimate breach trends, even though that’s really hard to do when you just don’t have reliable breach reports.
The bottom line is that if we want to make any sense out of data, we need more transparency and mandatory disclosure so that we can get ALL of the numbers on ALL of the incidents.

Congress, are you listening yet?

Second look: What kind of year was 2007 in terms of data breaches? Chronicles of Dissent, 3 Jan 2008

EU, are you listening? Japan? China?

-jsq

Canadian Breach Reporting

Michael Geist’s top tech law issue for Canada for 2008 is:

Security Breach Reporting Rules Are Introduced. Scarcely a week went by last year without a report of a security breach that placed the personal data of thousands of Canadians at risk. Last spring, a House of Commons committee acknowledged that the country needs mandatory security breach disclosure legislation that would require organizations to advise Canadians when they have been victimized by a breach. A public consultation on the issue concludes next week and new regulations will be introduced before the summer.

Eight Tech Law Issues To Watch in 2008, Michael Geist, Tuesday January 08, 2008

That would be a good thing.

-jsq