in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Data Loss Prevention Failure Should Lead To CEO Jail Time?

An international survey conducted by Websense reveals that 30% of respondents think that CEOs and board members at companies where a data breach occurred should be jailed.  Now, I wouldn't find this too surprising, except that it was a survey done on security professionals at the 2009 e-Crime Congress.  That's got me scratching my head.

The use of firewalls, data redaction, data encryption, and other data loss prevention and information security measures can radically minimize data security breaches.  However, it's also agreed that the same can only do so much.

For example, how are these technologies going to prevent the "grand poobah" database administrator from copying data to a USB disk which will subsequently be sold to the competition?  They can't.  And if said admin is also in charge of the logs, he can get rid of his activities.   (The trick is to have someone else in charge of the logs, but there are other issues as well: how do you differentiate the illegal activity from normal operations?)

Obviously, there's very little one can do in instances like the above.  It's the classic case of who's going to police the police.  I can tell you, it's not going to be the CEOs--they generally don't have the necessary skills.

And that brings me back to my head-scratching.  Will jailing CEOs for data breaches really make a difference?  Isn't that similar to updating firewalls after hackers get through or installing full disk encryption like AlertBoot on laptops after computers get stolen or lost?  (Which is what's happening currently.)

Maybe what they meant is that CEOs should feel the pressure to really take a good look at their company's data security measures.  But that can be achieved via other methods:  62% of the survey respondents opined that companies should be fined (not sure if there's any overlap with the jail-the-CEO crowd) for breaches.  Make the fine big enough, and CEOs are bound to take notice.

Also, this is just a guess, but I figure the CEOs wouldn't really change their priorities even if they face the potential for jail time. The reason?  Most people--CEOs included--pay scant attention to data security not because they don't have a personal stake, but because they believe it won't happen to them.

It's like jaywalkers: the threat of being run over is not enough to prevent them from crossing at designated areas because they don't think they'll ever become roadkill.

Will jail time for CEOs get their attention?  Sure.  Will it prompt them to assign priority to data security over the bottom line?  Doubtful.

Related Articles and Sites:
http://www.prwire.com.au/pr/12553/jail-for-data-loss-ceos-says-e-crime-congress-survey
http://security.cbronline.com/news/data_breach_ceos_should_face_jail_survey_300409
http://www.cxotoday.com/India/News/No_Mercy_for_CEOs_of_Defaulting_Companies/551-101533-909.html

 
<Previous Next>

Laptop Encryption Software Not Used On Missing St John Regional Hospital

Disk Encryption Lacking On Oklahoma FHA Laptop - 225,000 Affected

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.