On Thu, Jun 9, 2011 at 12:21 PM, joe mendez <[email protected]> wrote:
> I would just like to add that from what I have noticed; accountability is
> the one element that is missing from write ups
> and reports, which I believe instills conformity and motivation into
> employees "And" companies to work more securely...

I think I've heard it phrased as, "risk is democratized, reward is privatized" (unfortunately, I can't properly attribute). From 10,000 feet it does not really make sense - shareholders suffer when executives fail and the executives are rewarded. I feel the problem is rooted in the politicians who pass the legislation which allows it to happen. I strongly suspect it has something to do with PAC contributions (I consider them bribes).

A perfect case in point: Goldman Sachs. The firm donated over 1M USD to Obama's presidential run. Before Obama's donations, the company set up a rating firm to call the junk mortgages "good" so others would buy, while going short on the same [junk] instruments it was peddling. After the global meltdown, Obama boasted (at a banker's lunch), "My administration is the only thing saving you [sic: the bankers] from the pitchforks of the American people". To date, I'm only aware of an SEC investigation which settled at ~500M USD, and nothing criminal from either the SEC or the DoJ. There are some rumblings of a criminal investigation now, but 1M USD purchased a lot of political protection (see http://www.goldmansucs.com/2011/04/14/goldman-sachs-chief-could-face-criminal-prosecution-for-role-in-financial-crisis/).

> I've yet to hear anyone losing their job at SONY for the attacks and losses
> they are and will continue to endure....
> Oh, and let's not forget about SONY customers and the risks and problems they
> have to face.

Sony has a chronic (and apparently progressive) history of security related ailments. See Security Curmudgeon's timeline at http://attrition.org/security/rants/sony_aka_sownage.html. One of the earliest documented events is from the late 1990s.

> /* I could have missed a headline where SONY paid for all the damages to its
> customers.......and fixed all their security problems */

It does not appear so. Sony set aside 171M USD for the first incident. After lawyers take their share, it works out to less than $2 USD per record (individual?) for credit monitoring, etc, etc.

> It's no surprise that there's a lot that goes into security whether it be
> physical, network, policy,
> application, employee security awareness education, risk
> assessments, etc, etc.
>
> If a government or company doesn't understand what encompasses security then
> it will be just a matter of time before they are caught with their pants down.
>
> On the other hand, I bet there are governments and companies that do
> understand all the above and still get owned.

Perhaps government prefers the insecurities: "I, Cringely: When Engineers Lie", http://linuxbox.org/pipermail/funsec/2011-June/026763.html.

> I guess it all boils down to if a group or individual has a will, they will
> find a way....

Jeff
_______________________________________________
Dailydave mailing list
[email protected]
https://lists.immunityinc.com/mailman/listinfo/dailydave
