RE: [ga] Net security's a losing battle
|> From: Joanna Lane [mailto:jo-uk@rcn.com]
|> Sent: Friday, September 28, 2001 2:26 PM
|>
|> on 9/28/01 2:14 PM, Patrick Greenwell at patrick@stealthgeeks.net wrote:
|>
|> > On Fri, 28 Sep 2001, Joanna Lane wrote:
|> >> what caught my attention was Schneier's [...] his viewpoint that
|> >> companies are reluctant to report cyberattacks because of the stigma,
|> >> making things worse.
|> >
|> > It's not just stigma, it's a potential liability issue as well.
|>
|> A company that sets out to hide from legal responsibilities is not one the
|> industry should be defending. Reluctance to share reports amongst colleagues
|> for any reason would hamper the industry's overall ability to exercise
|> damage limitation. I'm not sure that's an acceptable position for an
|> organization that is accountable to the public for regulating the security
|> of the industry's critical infrastructure.

A slight correction here: a company's accountability is to its shareholders
and/or investors. This means that it must avoid unnecessary litigation
expenses as a part of the unwritten charter. Those that don't may suffer a
rapid change of leadership. No one reports all cyber-attacks, exactly for
liability reasons. Minimizing legal exposure. Employees have gotten fired
for this in the past. I've personally done some of the firing.
We are not talking about ICANN here, rather a corporation that provides
Internet services (ICANN arguably doesn't, being political and all).
Security standards were NEVER a part of the ICANN charter, BTW.

|> > I do believe that the idea that Internet security is a losing battle is
|> > alarmist hogwash.
|> >
|> > Hit something with a stick for long enough and eventually the object of
|> > attention is going to take steps to avoid getting hit.
|>
|> Hit hard enough, the object is going to suffer catastrophic failure from a
|> single event.

Be that as it may, they become some of my better customers. Afterwards,
those are the ones that actually listen. Complacency is one of the larger
problems here.
--
This message was passed to you via the ga-full@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga-full" in the body of the message).
Archives at http://www.dnso.org/archives.html