The Inside Job

  • Comments posted to this topic are about the item The Inside Job

    Best wishes,
    Phil Factor

  • I have a particular aggravation with the approach to financial security. Those issues are particularly apt for cost benefit analysis. My main issue is who assumes the risk.

    My credit card company authorized a charge recently from a vendor that did not publish a phone number. I would assume their card member required one. Whether or not it did, the credit card company refused to disclose the phone number to me.

    412-977-3526 call/text

  • The financial and healthcare industries are already regulated, because they involve money and privacy, but really unsecured data can cost individuals their money and privacy regardless of the line of business with which it's being exposed. I'm solidly on the right hand side of the political bell curve when it comes to limiting state power and free market capitalism, but I have to say that the U.S. can do more when it comes to digital security. The government should regulate the storage and usage of sensitive data (like personal identifiers or credit card numbers) as a type of hazardous material; dictating how it should be secured and the circumstances by which it is shared with 3rd parties. It's about protecting individual rights from both commercial, government, and criminal abuse as well as securing the homeland.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • I wonder whether it could be made easier to sue firms for negligence when you find that they've lost your details to the Dark Web. The problem with this is the temptation that firms would have to cover up a lapse in security.

    Best wishes,
    Phil Factor

  • I have had developers turn round and say that security is not part of the spec so it doesn't apply to them. Yeah right.

  • Yet Another DBA - Monday, January 23, 2017 3:41 AM

    I have had developers turn round and say that security is not part of the spec so it doesn't apply to them. Yeah right.

    There is no helping some people. Not just limited to developers either.

    Gaz

    -- Stop your grinnin' and drop your linen...they're everywhere!!!

  • Only once have I gone as far to think "Oh, the havoc I could wreak!!!" but not ever thought about doing anything. I have gone so far as believing that I am justified being disgruntled but never justified stealing or manipulating date etc. I would never do anything about it beyond leaving (and/or maybe informing the appropriate authorities if I feel that there are illegal activities I am bound to report). Most, if not all, that seem to post here are in countries where they are at liberty to do something about changing their work environment.

    Gaz

    -- Stop your grinnin' and drop your linen...they're everywhere!!!

  • Gary Varga - Monday, January 23, 2017 5:59 AM

    Yet Another DBA - Monday, January 23, 2017 3:41 AM

    I have had developers turn round and say that security is not part of the spec so it doesn't apply to them. Yeah right.

    There is no helping some people. Not just limited to developers either.

    I've explained the EU regs about security of personal data to some people who took that attitude.  Most of them could be helped.  Being unable to be helped on this topic is a serious career obstacle in any organisation/company operating in the EU other than those who are able to pay large fines for their illegal operations (Google et al.)
    In my experience, the ones who can't be helped are mostly junior or middle managers, DBAs, or SysOps, rather than (non-management) developers.

    Tom

Viewing 8 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic. Login to reply