The WiKID Blog

Viewing posts tagged Security and Economics

infoworld-on-how-to-become-a-great-information

Consistency, covering the basics and using metrics. Great article for all management, not just information security. When problems crop up in management, it is usually because either we stopped doing some basic thing like a cross-department meeting or it could have easily been avoided by implementing some new simple thing.

infosec-economics-article-on-security-pipeline

There's an interesting article on Security Pipeline about the economics of information security. The article discusses why ROI is a poor measure, echoing my first post. But it misses out on a key point: that investing in security reduces your weighted average cost of capital and that you must include the cost of capital in your investment analysis.

is-it-time-for-a-pci-upgrade

That's the question proposed in this post: Breaches Make a Mockery of PCI Security Standards (Ouch.) I would say "Yes".

lexis-nexis-breach

As Adam had pointed out, the Lexis Nexis breach was due to "misappropriation by third parties of IDs and passwords from legitimate customers".

maybe-they-will-pay-it-with-a-credit-card

A credit union has sent TJX a bill for expenses related to the breach at TJX. Interestingly, $500k is for "brand damage":

"The bill was for both direct operational costs that we incurred reissuing new debit cards to our customers, as well as the costs to us from a reputational standpoint," he said. According to Blake, the TJX breach resulted in HarborOne having to block and reissue about 9,000 cards at a cost of around $90,000. The remaining $500,000 is what Blake believes the breach cost the credit union in terms of brand damage.

And it looks like more states are pursuing regulations requiring retailers to take responsibility for data breaches.

HarborOne's action comes amid growing pressure from credit unions and other financial institutions around the country to get retailers to take financial responsibility for data compromises. Credit union associations in various states are vigorously lobbying lawmakers to approve bills that would require retailers to implement stronger data-security measures and to reimburse costs associated with reissuing payment cards after a breach.

One such bill is the Plastic Card Security Act that was signed into law in Minnesota last month after being actively pushed by the Minnesota Credit Union Network. And the California Credit Union League is now pushing a bill similar to the one in Minnesota. Other states, including Texas and Connecticut, have considered similar proposals recently.

Will the PCI data security requirements be too little too late?
