IT Security

  • Comments posted to this topic are about the item IT Security

  • Let's talk about the "other side" of security.

    From what I've seen on these very forums, most companies shouldn't be allowed to be in business never mind write even a single line of code. How many times have we seen people with query requests where the SSN, TIN, Credit Card numbers, and other personal information are stored in clear text? Even storing the "last 4 digits" and someone's birthdate in clear text is a violation, in my eyes. You can do a whole lot of damage with just those two pieces of information if you're dedicated to the art of invasion.

    As for "allow shoddy code", that's totally wrong. They INSIST on shoddy code because "it takes too long to do it right". :crazy:

    Enforcement is stupid, as well. I worked for one company that repeatedly failed PCI compliance but they were still allowed 2 whole years to get their act together. My feeling is that such compliance should be achieved and certified by proper authority BEFORE anything hits production. But, NO, that would slow things down too much.

    Don't get me started on all of the information, like SSNs, etc., that we have to give up just to get the lights turned on in the house or to procure other simple services. It's ridiculous and so is the way a whole lot of supposedly reputable companies/hospitals, etc., handle the data.

    I guess that qualifies as a "rant", huh?

    --Jeff Moden


    RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
    First step towards the paradigm shift of writing Set Based code:
    ________Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.

    Change is inevitable... Change for the better is not.



  • Jeff Moden (10/5/2013)


    ...

    I guess that qualifies as a "rant", huh?

    Yep, and I agree.

  • Jeff's "rant" sure hits home. I think it's only going to get better when the data owners are going to be held accountable whether it's through insurance, criminal proceedings or maybe social media/economic hurt. It feels like a house of cards.

  • Steve Jones - SSC Editor (10/6/2013)


    Jeff Moden (10/5/2013)


    ...

    I guess that qualifies as a "rant", huh?

    Yep, and I agree.

    Ditto from me.

  • David.Poole (10/8/2013)


    Steve Jones - SSC Editor (10/6/2013)


    Jeff Moden (10/5/2013)


    ...

    I guess that qualifies as a "rant", huh?

    Yep, and I agree.

    Ditto from me.

    I agree too. But Jeff understated it, this stuff needs serious penalties and insurance premiums won't be painful enough to make anything happen. In Europe we have some legislation, but the sticks consist of fines which are rarely imposed and anyway are generally at a level which is peanuts compared to the daily profits of the offending companies or the daily money wasted in government bureaucracies which also spill all sorts of data plus getting your incompetence documented in the newspapers. We need hard laws about what data needs to be protected properly and jail time for the directors (US English: vice presidents) responsible for the mess, because just about all the data on the planet is totally unprotected and will stay that way until it costs real pain to fix it.

    Tom
