tjx
Guest lecturing at the Norwegian School of Management
As I did last time, I would love to have your ideas and inputs as to what I should focus on. Last year, I made it an interactive workshop around the TJX case. It worked great, and I got great feedback. This year I was thinking along the lines of black PR, and how to deal with it from a company view.
What are your thoughts on that? Is it a viable security issue from a company view? Are there any well-known cases out there?
TJX - overreaction?
First things first: let me welcome you to the blogosphere! Taking your expertise as a lawyer, I probably should just shut up and not start to argue, but then again, what is the point of a discussion if we cannot share our opinions?
To your comment, I do not agree that there has been an overreaction. I think this depends on your point of view. If you consider only the known theft of money, you might be right.
However, if you consider the theft of privacy, the costs related to renewing CCs and the potential threat to the CC holder, I think the reactions so far have been anything but an overreaction. I also think it is necessary to consider the time frame of the attack - this went on for quite a while, and I think it is important to consider that this was an important "wake-up" call to many shops.
You say that the credit card issuers overreacted. I disagree. Their alternatives were:
- say nothing (and wait for the press to find out...ticking, expensive bomb)
- say "your credit card info is just lost, but hey, who cares? It is way too expensive to issue a new card" (and wait for customers to yell, call the press and cancel their cards manually; adding potentially expensive lawsuits to the cost)
- do as they did - cancel all cards, issue new ones. High initial cost, but low cost & risk in the long run. Just imagine the cost of losing the trust of the credit card user...
Where are the Cyber criminals located?
And how do they form their "street gangs"?
I'd love your input on this topic. I would be particularly interested in input on how the groups form (if groups exist, that is?), how they overcome communication obstacles, how they find their targets, how they share the work.
As seen in the TJX case, it seems some of these groups form without caring about national borders, origin and language. In this particular case, at least nine persons formed the group. These persons came from, and are located in, at least six different countries, and spoke a minimum of six languages (my guess is that the communication would be in English).
In the TJX case we also know quite a bit about how they operated, and how they used the data they stole.
What can we expect in the future? What is going on right now, under our radars? I'd love your input on that!


