It seems to me that it would be hard to implement such a regulation; people can talk far more rubbish around a subject than you can effectively put into regulations. Having said that, you might have a better idea than me about how to write this, being more at the coalface of such things. I'm too far removed from the actual implementation these days; I just rely on feedback from customers.
That is to say: I don't know, and have no way of knowing.
Rob Newby |
07.05.07 - 12:12 pm | #
|
|
Well, the interesting thing is that Keith Rhodes is the auditor, or better said, the technical subject-matter expert for the auditing agency.
It's even scarier than you thought. =)
rybolov |
09.06.07 - 10:16 pm | #
|
|
This question is tricky in my opinion; I do not think that legislators have the skills to know what needs to be put in place. Additionally, I believe that many corporations will only do as much as they feel they are required to do. Using this view, I feel that if Congress puts it into law that we must use syslog and an automated process to audit syslog, then that is the sum total of what many companies will do. Conversely, if Congress (or some other legislative/policy-driving body) doesn't give guidelines, then those same companies will do nothing.
The landscape needs to get to a point where there are examples in the news of how quickly, cost effectively and customer friendly an organization with proper audit controls in place can respond to a crisis. When someone like TJX gives vague answers and their stock dips, it needs to be offset in the media by an example of a major bank sending notice that
"A breach has occurred and some of our data could possibly have been viewed. Our extensive logging indicates that nothing has been viewed or stolen; however, we have notified the cardholders and their issuing banks as a precaution. If you wish us to, we can provide you with a credit report at our expense quarterly for the next 24 months to help with peace of mind."
That type of disclosure tends not to A) have horrible repercussions financially and B) (unfortunately) not get proper coverage by the press.
Karl Tatgenhorst |
07.26.08 - 7:53 pm | #
|
|
Hi, your blog is cool.
I think it's a good point for debate. Looking forward to it.
pci |
06.30.09 - 5:22 am | #