× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Here it is again.

Actually I have made variations on the statement more than twice on this list, but only twice recently.

Off Topic news from SECURITY IN THE NEWS
List-Archive: <https://thei3p.org/pipermail/security-news-html>

Title: Lost Ernst & Young laptop exposes IBM staff
Source: The Register

An Ernst & Young employee has lost a second laptop, this one containing the names, Social Security numbers, and other data of thousands of IBM employees. The loss occurred in January 2006 when the laptop was stolen from the employee's car; letters informing IBM employees of the compromise did not arrive until March 8. Ernst & Young is offering a free year of credit monitoring services from Experian.

This follows news in February that an Ernst & Young laptop containing data on Sun Microsystems employees -- including chief executive Scott McNealy -- was stolen. Ernst & Young has a policy prohibiting the storage of personal data on laptops, but we see how well it is enforced. The company also assures customers that the information is password protect, a measure security researchers consider grossly inadequate.
<http://www.theregister.co.uk/2006/03/15/ernstyoung_ibm_laptop/>http://www.theregister.co.uk/2006/03/15/ernstyoung_ibm_laptop/

There's been a bunch of other news stories on this.  Major topics:
* FIVE laptops lost by SAME audit firm, one each for 5 different major corporations being audited ... news media does not tell us if it was the SAME employee each time, 5 different employees, or somewhere in between
* Vast number of IBM employees impacted
* Long time delay between breach and victim notification
* What passes for compensation of victims
* What passes for adherence to SOX by companies supposedly policing SOX

Note that this is kinda off-topic for midrange_L
and it is only indirectly an issue for IBM internal controls, since it was THEIR AUDITORS who mucked up

Now lots of audit firms have done this kind of thing, so if IBM or any other firm says "we won't use you next year because of this" perhaps whichever one gets the job will be a mite more careful than they might be otherwise

Careful observers will also see that I replied to the post
before I realized that Dave Gibbs had not approved of the post that I replied to
this was an error on my part
sometimes I am a bit of a klutz
I was not as observant as I should have been

t 10:21 PM 4/3/06, you wrote:
 Al Mac  wrote:

>>back stabbing 100% of IBM employees does not qualify as a material
>> aspect of SOX.

Al -- this is the second time you have made that statement.  Perhaps I
am not informed, but can you please provide the context for that
statement.

--
Tom Jedrzejewicz
tomjedrz@xxxxxxxxx

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.