Joe Rosato on 27 Oct 2014 13:55:11 -0700


Re: [PLUG] Spark Core (corrected)


I probably should have included a smile face on my post.. probably came off as oddly serious. The only point I was making with the second part was trickle down blame. The problem people were at the top, they benefited from the scandal. The tech guys were then sent in to make things more "secure". The solution seems odd. Make the accounting database/system more secure. 

People were cooking the books and the solution is to make sure only a set number of people can see the books.

Doesn't that sound like the solution is to protect the book-cooking from being found out again?


On Mon, Oct 27, 2014 at 1:59 PM, Rich Freeman <> wrote:
> On Mon, Oct 27, 2014 at 1:49 PM, Keith C. Perry <> wrote:
> > That asks Rich's question a different way.  If someone says, "we keep your data safe and here's how", sure the client should want to verify what is being said but what about internal audits?  Where is the "inspector general" for these companies that has the autonomy to say, "yes, I've verified this" or "no, we're getting this wrong and it needs to be fixed".  Basically, IT personnel with executive level enforcement power.
>
> The problem is the whole risk/benefit thing.  Money spent on security is only money well-spent if you actually have a security incident, in the same way that money spent on fire insurance is only well-spent if you have a fire.
>
> A company that doesn't buy fire insurance will probably be more competitive than one that does. The same is true of a company that doesn't waste money on securing their credit card readers, like Home Depot.  When those companies bear the full costs of their actions, you MIGHT see a change.
>
> It is a bit like how people point out that Facebook didn't plan for the necessary scalability and internally had a lot of struggles keeping up with demand.  The thing is, it is a MUCH better situation for a company to have a ton of demand and have to work hard to meet it, versus having spent all their money on preparing for demand and not having any money left for marketing/features/etc to create that demand.
>
> Often companies that are successful are just the lucky ones.  Managers don't realize that, so they figure that whatever worked for somebody else will work for them.


Philadelphia Linux Users Group         --
Announcements -
General Discussion  --
