Here it is again. Actually I have made variations on the statement more than twice on this list, but only twice recently.
Off Topic news from SECURITY IN THE NEWS
List-Archive: <https://thei3p.org/pipermail/security-news-html>

Title: Lost Ernst & Young laptop exposes IBM staff
Source: The Register

An Ernst & Young employee has lost a second laptop, this one containing the names, Social Security numbers, and other data of thousands of IBM employees. The loss occurred in January 2006 when the laptop was stolen from the employee's car; letters informing IBM employees of the compromise did not arrive until March 8. Ernst & Young is offering a free year of credit monitoring services from Experian.
This follows news in February that an Ernst & Young laptop containing data on Sun Microsystems employees -- including chief executive Scott McNealy -- was stolen. Ernst & Young has a policy prohibiting the storage of personal data on laptops, but we see how well it is enforced. The company also assures customers that the information is password protected, a measure security researchers consider grossly inadequate.
<http://www.theregister.co.uk/2006/03/15/ernstyoung_ibm_laptop/>

There's been a bunch of other news stories on this. Major topics:
* FIVE laptops lost by SAME audit firm, one each for 5 different major corporations being audited ... news media does not tell us if it was the SAME employee each time, 5 different employees, or somewhere in between
* Vast number of IBM employees impacted
* Long time delay between breach and victim notification
* What passes for compensation of victims
* What passes for adherence to SOX by companies supposedly policing SOX

Note that this is kinda off-topic for midrange_L and it is only indirectly an issue for IBM internal controls, since it was THEIR AUDITORS who mucked up
Now lots of audit firms have done this kind of thing, so if IBM or any other firm says "we won't use you next year because of this" perhaps whichever one gets the job will be a mite more careful than they might be otherwise
Careful observers will also see that I replied to the post before I realized that Dave Gibbs had not approved of the post that I replied to
this was an error on my part
sometimes I am a bit of a klutz
I was not as observant as I should have been

At 10:21 PM 4/3/06, you wrote:
Al Mac wrote:
>>back stabbing 100% of IBM employees does not qualify as a material
>> aspect of SOX.

Al -- this is the second time you have made that statement. Perhaps I am not informed, but can you please provide the context for that statement.

--
Tom Jedrzejewicz
tomjedrz@xxxxxxxxx
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited.