On Monday 29 September 2003 08:23 am, Michael Scheidell wrote: <snip>
> > These fins and jail time will directly target the C/Board level, and > only indirectly affect the security teams (they may lose their jobs > when the company they work for goes bankrupt) > > Its only a matter of time before the lawyers finish up with big > tobacco and move on to SARBOX/HIPAA and GLBA work. > > > My $0.02. > > I'll see you that .02/c and raise you 5 million dollars (the Maximum > fine under SARBOX) <cynical grin> Would that that would really help. I guess maybe in the long run it might, but I'm not holding my breath. There's still the small matter of connecting cause with effect and then implementing a program that will function appropriately at all levels of the organization. I'll bet a dozen Krispy Kremes that the response of many Boards and C-level officers will be a knee-jerk "Off with their heads" followed by a return to business as usual. It's a lot easier to offer up a sacrificial lamb than it is to change corporate culture . . . But it will certianly be interesting to follow . . . ;-) Regards, -- George Capehart capegeo at opengroup dot org PGP Key ID: 0x63F0F642 http://pgp.mit.edu Key fingerprint: BE7A 9A4A 6A8F 363A BAC5 4866 631B B2F6 63F0 F642 "It is always possible to agglutenate multiple separate problems into a single complex interdependent solution. In most cases this is a bad idea. -- RFC 1925 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html