Forwarded from: DKezer@dyncorp-dc.com This policy from the FBI provides no relief from current corporate responsibilities, it just gives the assurance that the FBI will not release any data they are given (the believability of that policy is another topic). The company still has the same obligation to shareholders, depositors, or investors it had before this policy was stated. Dennis Kezer From: InfoSec News <isnat_private> Date: Monday, November 4, 2002 1:30 am Subject: Re: [ISN] Feds pursue secrecy for corporate victims of hacking > Forwarded from: hugginsat_private > > Let me see if I get this right > > I'm xyz bank I haven't taken the initiative to hire a security mangaer > or have hired one but, pay them minimum, they tell me I need to fix > security holes I say nah to expensive. I get hacked, my user data > base and credit card information is stolen. Numerous account users > identities are stolen but, because I report it to the FBI I dont need > to disclose it to my stake holders, or customers at will. Hmmm! > sounds great rob me again. > > > http://www.nandotimes.com/technology/story/601028p-4652104c.html > > > > By TED BRIDIS, Associated Press > > > > WASHINGTON (October 31, 2002 6:36 p.m. EST) - Senior law enforcement > > officials assured technology executives Thursday that government > > will increasingly work to keep secret the names of compan. [...] > > "The mere calling of us in an investigation can have an adverse > > impact on the image of your company," said Mueller, who has made > > cybercrime an FBI priority. In exchange for this protection, Mueller > > said, companies should more frequently admit to the FBI when they > > are victims of hacking. "You're not enabling us to do the job," he > > said. [...] - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Nov 06 2002 - 00:44:57 PST