Keith C. Perry on 27 Oct 2014 14:35:00 -0700


Re: [PLUG] Spark Core (corrected)


Ahhh, I understand you now.  Fixing the real issue would have been an admission of guilt.  I remember being tied to CSPAN a lot back then waiting to hear a financial institution executive say, "we messed up because we were greedy and we were greedy because we could be".  Nope, that never happened.  Let's just pretend to have a witch hunt, fire some people that had nothing to do with this and then have settlements that conveniently omit any statement of guilt or malfeasance.

You're right, something like this will happen again.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Keith C. Perry, MS E.E.
Owner, DAO Technologies LLC
(O) +1.215.525.4165 x2033
(M) +1.215.432.5167

From: "rosatoj" <>
To: "Philadelphia Linux User's Group Discussion List" <>
Sent: Monday, October 27, 2014 4:55:05 PM
Subject: Re: [PLUG] Spark Core (corrected)

I probably should have included a smile face on my post.. probably came off as oddly serious. The only point I was making with the second part was trickle down blame. The problem people were at the top, they benefited from the scandal. The tech guys were then sent in to make things more "secure". The solution seems odd. Make the accounting database/system more secure. 

People were cooking the books and the solution is to make sure only a set number of people can see the books.

Doesn't that sound like the solution is to protect the book-cooking from being found out again?


On Mon, Oct 27, 2014 at 1:59 PM, Rich Freeman <> wrote:
On Mon, Oct 27, 2014 at 1:49 PM, Keith C. Perry <> wrote:
That asks Rich's question a different way.  If someone says, "we keep your data safe and here's how", sure the client should want to verify what is being said but what about internal audits?  Where is the "inspector general" for these companies that has the autonomy to say, "yes, I've verified this" or "no, we're getting this wrong and it needs to be fixed".  Basically, IT personnel with executive level enforcement power.

The problem is the whole risk/benefit thing.  Money spent on security is only money well-spent if you actually have a security incident, in the same way that money spent on fire insurance is only well-spent if you have a fire.

A company that doesn't buy fire insurance will probably be more competitive than one that does. The same is true of a company that doesn't waste money on securing their credit card readers, like Home Depot.  When those companies bear the full costs of their actions, you MIGHT see a change.

It is a bit like how people point out that Facebook didn't plan for the necessary scalability and internally had a lot of struggles keeping up with demand.  The thing is, it is a MUCH better situation for a company to have a ton of demand and have to work hard to meet it, versus having spent all their money on preparing for demand and not having any money left for marketing/features/etc to create that demand.

Often companies that are successful are just the lucky ones.  Managers don't realize that, so they figure that whatever worked for somebody else will work for them.


Philadelphia Linux Users Group         --
Announcements -
General Discussion  --
