Comments on: Time to face the truth about data security

If you think the situation's bad now, security specialist Jon Oltsik has got news for you: Things are even worse than you think.

[Vetter83]

Nothing will change....

until we (read: Federal Law) requires that companies that use, store, sell or handle any confidential consumer information are FULLY financially responsible for its security.... Things would change in a huge hurry if companies were liable for ALL expenses, costs and fees to repair anyones credit, data, and security regardless of the circumstances or cost..

[ejevo]

The ONLY thing I've seen that's been effective...

The ONLY thing I've seen that's been effective in initiating change in areas of security is legislation that includes harsh penalties and specific levels of enforcement. HIPAA was a prime example, although there are now rumors that since the buzz has worn off, compliancy is beginning to wane.

In your traffic analogy, if the penalties were much harsher then less drivers would be willing to risk the consequences.

Make non-compliance hurt - really hurt - and you'll see companies start to toe a much better line. Otherwise companies just can't justify the expenditures necessary to put themselves in a better defensive position.

[wbenton]

Security Just Ain't...

It's generally safe to consider that data security "Just plain Ain't" until such can be proven otherwise.

And even if it can be proven otherwise... it's only a matter of time before that otherwise can be proven inefficient.

Walt