


I wouldn't deny that a company can spend a lot of money achieving SOX
compliance.  However, I still submit that with the exception of
withstanding the frequent audits, SOX controls are little more than
legislating how companies should handle their sensitive systems anyway.
Companies that spend a lot on SOX probably weren't spending enough on
security (IT and other) and controls to begin with.

That Scheib & VTB chose to de-list rather than comply makes me wonder
about their ability to secure their systems.  It also makes me wonder
how well they adhere to Visa's Payment Card Industry (PCI) agreement and
how well they secure customer data.

John A. Jones, CISSP
Americas Information Security Officer
Jones Lang LaSalle, Inc.
V: +1-630-455-2787 F: +1-312-601-1782
john.jones@xxxxxxxxxx

-----Original Message-----
From: midrange-nontech-bounces@xxxxxxxxxxxx
[mailto:midrange-nontech-bounces@xxxxxxxxxxxx] On Behalf Of
pnelson@xxxxxxxxxx
Sent: Monday, July 17, 2006 9:43 AM
To: Non-Technical Discussion about the AS400 / iSeries
Subject: RE: FBI CSI annual computer security report

Speaking of security issues, here's an interesting piece on SOX:

http://www.chicagotribune.com/news/opinion/chi-0607170130jul17,0,1709465.story?coll=chi-newsopinion-hed
- -

Paul Nelson
Arbor Solutions, Inc.
708-670-6978  Cell
pnelson@xxxxxxxxxx




"Jones, John (US)" <John.Jones@xxxxxxxxxx> Sent by:
midrange-nontech-bounces@xxxxxxxxxxxx
07/17/2006 09:34 AM
Please respond to
Non-Technical Discussion about the AS400 / iSeries
<midrange-nontech@xxxxxxxxxxxx>


To
"Non-Technical Discussion about the AS400 / iSeries" 
<midrange-nontech@xxxxxxxxxxxx>
cc

Subject
RE: FBI CSI annual computer security report






Last updated a couple of days ago, here's "A Chronology of Data Breaches
Reported Since the ChoicePoint Incident"

http://www.privacyrights.org/ar/ChronDataBreaches.htm
 


John A. Jones, CISSP
Americas Information Security Officer
Jones Lang LaSalle, Inc.
V: +1-630-455-2787 F: +1-312-601-1782
john.jones@xxxxxxxxxx

-----Original Message-----
From: midrange-nontech-bounces@xxxxxxxxxxxx
[mailto:midrange-nontech-bounces@xxxxxxxxxxxx] On Behalf Of Al Mac
Sent: Friday, July 14, 2006 8:42 PM
To: e-com-sec@xxxxxxxxxxxxxxx; dataloss@xxxxxxxxxxxxx
Cc: Starbase_club1@xxxxxxxxxxxxx; midrange-nontech@xxxxxxxxxxxx
Subject: FBI CSI annual computer security report

   Each year the FBI (San Francisco Federal Bureau of Investigation's
   Computer Intrusion Squad) http://www.fbi.gov/ teams up with CSI
   (Computer Security Institute) http://www.gocsi.com/ to produce an
   annual report on how much damage is being sustained from various
   computer security problems (not all threats are necessarily found in
   a single report, because of the manner in which the data is
   collected).

   The 2006 report just came out.  It is free to download from the CSI
   web site, http://www.gocsi.com/ but you gotta register with CSI to
   get a copy, and CSI has had a very small security breach, with
   people who registered for a prior year report.  They sent out a form
   for a conference to their registered members, already filled out
   with registration details to make it easy for us to confirm, but
   they scrambled the mailing list, so that people generally got the
   details on other CSI customers.  I consider that a very trivial
   breach compared to what other organizations have sustained.

   The information in the survey may not be reproduced without
   permission from CSI, but some news media are sharing highlights,
   whose info I am passing on here; however, some of the news stories
   seem contradictory, with respect to how they are interpreting the
   data.  I.e., in this post I am taking info from what the news
   reports are saying, not directly from my copy of the report.

   The 30 page PDF report is downloaded from
   http://www.gocsi.com/forms/fbi/csi_fbi_survey.jhtml;jsessionid=MMNC3WAXXTVUMQSNDLPSKH0CJUNN2JVN

   I suggest that other list readers also get a copy of this, since it
   has a lot of key information not yet in the news reports.  In my
   opinion there are some positive findings in the report with respect
   to trends, and while the number of companies surveyed might seem
   small, some of them are extremely large companies.  Also the report
   has good graphs to help us grasp implications.

   Findings include:
   * 616 companies participated in the latest survey.
   * 1/2 of them gave details on financial costs of losses, where the
     average loss was $167,713 (last year it was $203,606)
   * 3/4 of the financial losses are due to: virus attacks,
     unauthorized network access, laptop and mobile hardware theft,
     proprietary information / intellectual property theft.
   * Breaches are not as lucrative for crooks as in past years, with
     respect to how much they are getting directly from the companies
     breached
   * More than 80% of the surveyed companies now conduct security
     audits (meaning 1/5 are not doing so)
   * Companies resist reporting being victims of computer crimes ...
     many breaches still being swept under the rug
   * Government mandates and compliance issues are a hot topic.
   * Security outsourcing is not as prevalent in the USA as previously
     thought, although I consider the report figures to be significant
   * IT groups want to educate and train internally to mitigate risks.

   Several of the news media articles on this FBI CSI report:

   http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1199280,00.html

   http://www.securitypronews.com/news/securitynews/spn-45-20060714CSIFBIReportonVirusAttacksandFinancialLosses.html

   http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/07-13-2006/0004396284&EDATE=

   http://www.crime-research.org/news/14.07.2006/2120/
--
This is the Non-Technical Discussion about the AS400 / iSeries
(Midrange-NonTech) mailing list To post a message email:
Midrange-NonTech@xxxxxxxxxxxx To subscribe, unsubscribe, or change list
options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-nontech
or email: Midrange-NonTech-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives at
http://archive.midrange.com/midrange-nontech.



This email is for the use of the intended recipient(s) only.  If you
have received this email in error, please notify the sender immediately
and then delete it.  If you are not the intended recipient, you must not
keep, use, disclose, copy or distribute this email without the author's
prior permission.  We have taken precautions to minimize the risk of
transmitting software viruses, but we advise you to carry out your own
virus checks on any attachment to this message.  We cannot accept
liability for any loss or damage caused by software viruses.  The
information contained in this communication may be confidential and may
be subject to the attorney-client privilege. If you are the intended
recipient and you do not wish to receive similar electronic messages
from us in future then please respond to the sender to this effect.




This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
