jcew...@acm.org (Joel C. Ewing) writes: > And I noticed a reprinted Washington Post article in my local paper > today "Bank data stolen despite cloud push", which clearly indicates > bank management had the perception that somehow removing data from > Capital One's direct physical control to Amazon Web Services on the > cloud would "improve" security rather than just add different paths for > attack. Can't help but wonder if this move to "cut back" on Capital > One's data centers also involved laying off the people that might have > been smart enough to configure their firewall correctly and avoid the > breach.
We were brought in to help wordsmith some california legislation (late 90s, two decades ago). At the time they were doing electronic signature, data breach notification (original, 1st in country), and opt-in personal information sharing. Some of the participants had done indepth public privacy surveys and the #1 issue was identify theft, primarily fraudulent financial transactions as a result of breaches. At the time there was little or nothing being done (other than misdirection/obfuscation as to the source of the problems). The issue is that normally entities take security measures in self-protection, however in the case of the breaches, the institutions weren't at risk, it was the public. It was hoped that the publicity from breach notification might motivate serious and comprehensive security measures. since then there have been several federal breach notification (state preemption) bills introduced ... many of them worded in such a way that they would effectively eliminate any requiement for notification -- virtualization experience starting Jan1968, online at home since Mar1970 ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
