
Comments on: Uncle Sam's newest security challenge to businesses

Congress will soon consider new laws to better protect businesses against security breaches. Websense CEO Gene Hodges argues against a one-size-fits-all approach.

Solution is really Simple
by wbenton November 6, 2007 7:20 AM PST
>>>. Forrester Research says that a security breach can cost anywhere between $90 and $305 per record, meaning that the cost of a single, significant breach may run into millions or even billions of dollars.<<<

Bill the company the millions or billions.

Once companies realize that their lax security might just be the string that broke the company's back... they'll start investing tens of thousands of dollars to upgrade their security levels to what they should have been in the first place rather than have to fork out the millions or billions for clean-up.

Risk strategies will show them that investing in stronger security is risk hedging at its best! (* GRIN *)

No new "one-size-fits-all" government usurping more unnecessary tax dollars is required at all!

Bottom Line: Ante up for stronger security or ante out of the market place.

Walt
Check out this program!
by zlando November 14, 2007 1:37 AM PST
A new program called SecInclude from Israel... from the tops in the league that is making waves not only for its ability to stop hackers, but its price.... many of the hi tech firms here use it....

www.modumax.net
The same old story.
by pguglietti November 14, 2007 6:31 AM PST
Once again we are told that business is its own best regulator, that government can't and shouldn't be involved. The simple fact is that business interests do not act for the common good unless forced to do so--it's against their bottom-line interests to do more than the bare minimum of self-regulation. What else can consumers do except use government as a tool to ensure compliance to a reasonable standard.
"Moanin' Blues" ought to be the theme for
by fire1fl November 14, 2007 7:14 AM PST
all the Sarbanes-Oxley crap being spewed by the Wall Street mavens. Investment is a risky proposition but the playing field shouldn't be a haven for cheats, sharks, charlatans, or gangsters. There are many key words that will bring up the reasons to regulate corporations (transparency, charge-back, director misfeasance, share fraud, back-dating, etc.) but if there is just one word on which to search, let it be Exxon.
Security is just another example of most companies skimming along, hoping the odds increase profit at the risk of the customer.

The government exists to (and should) level the playing field. Placing the responsibility (and risk) where it belongs, in this case with the companies and boards, is exactly what the government *should* do. Being a customer should not carry the risks of endless identity crises.
Security challenge to business - "everything old is new again"
by caelli November 14, 2007 4:50 PM PST
Think about it!
Congress (and Websense's CEO) are asking industry to categorise (classify) their information systems in relation to information assurance requirements. Well - yes - 25 years ago that is exactly what the bases of the "Orange Book" were - and - that led to the insightful decision that "mandatory" style access was a real need for environments where mixed security needs and responsibilities existed. BUT - BUT - governments worldwide ignored this and let the ICT industry develop and sell pointless "discretionary" access systems with little interest in industry regulation. So where to now? When do we stop blaming the end-user (small, medium or large enterprises, public or private) and blame and regulate the industry itself? By now we should be seeing operating systems and allied structures that enable strong access control on the basis of exactly what this article advocates - a classification of applications and users into categories that can be reliably ENFORCED - and an obsolete "C2" type discretionary, commodity system will not "hack it". Indeed, if Congress takes up the points made in this article then ALL server systems in the USA should be based around "type enforcement" concepts as set out in the NSA's "Secure LINUX" (SELinux) project - itself 7 years old by now - at least in the open world.

Richard Clarke has said it, everyone agrees - a "laissez-faire", non-regulatory stance on the ICT industry, different from other industries such as pharmaceuticals, food, air transport, healthcare and the like, has led us to where we are. It is time now for congressional action - BUT - not just on the hapless ICT product and system consumer but rather on the industry itself!!