[Info-vax] Variable declarations, was: Re: improving EDT
David Froble
davef at tsoft-inc.com
Wed Nov 23 15:19:40 EST 2016
Kerry Main wrote:
>> -----Original Message-----
>> From: Info-vax [mailto:info-vax-bounces at rbnsn.com] On Behalf
>> Of David Froble via Info-vax
>> Sent: 22-Nov-16 11:42 PM
>> To: info-vax at rbnsn.com
>> Cc: David Froble <davef at tsoft-inc.com>
>> Subject: Re: [Info-vax] Variable declarations, was: Re: improving EDT
>>
>> Arne Vajhøj wrote:
>>> On 11/22/2016 4:04 PM, David Froble wrote:
>>>> I've had two experiences that caused me to throw in the towel and do
>>>> whatever people wanted.
>>>>
>>>> 1) I mentioned to a customer that storing credit card data and
>>>> checking account data with no protection on an IIS server wasn't a
>>>> good idea.
>>>> The response: "why not, everyone does it".
>>> One word:
>>>
>>> PCI-DSS
>> Ayep! And, PCI isn't about security, it's about the credit card
>> companies wanting someone else to be responsible when stuff happens.
>>
>>>> 2) While discussing security with another customer I was told "my
>>>> boss doesn't care about security".
>>> Unfortunately that happens.
>> Ayep!
>>
>
> Based on this conversation, this is a timely article from earlier
> today:
>
> How to Protect the Encryption Keys to Your Kingdom
> http://bit.ly/2g3fxw4
>
> "Tatu Ylönen, CEO and founder of SSH Communications Security, was
> clearly frustrated as we talked over lunch. “Why can’t I get
> through to them,” he asked, almost rhetorically. Ylönen was
> expressing a level of dismay common in the security industry.
> Getting senior management to invest in security can be a daunting
> task."
>
> Original will wrap:
> http://www.eweek.com/security/how-to-protect-the-encryption-keys-to-your-kingdom.html

I'll tell you why.

"I sell lawnmower parts, that's what makes money. Why should I waste money on
anything else?"

There is a lot of truth to a statement like that. Computers are an overhead,
not a profit center. More spend on computers (security) takes even more from
the bottom line.

When a company spends on security, it's because they have to, not because they
want to. With widespread use of credit cards, they have to, but they don't like it.