<![CDATA[[SecurityRatty] tag: tjxs]]> http://securityratty.com/tag/tjxs Tue, 05 Feb 2008 04:44:00 +0000 iRatty Engine http://blogs.law.harvard.edu/tech/rss <![CDATA[Show 030 - An Interview with Ken van Wyk]]> http://securityratty.com/article/0b1369b7e3490f60e22d2ae7d871f6c7 http://securityratty.com/article/0b1369b7e3490f60e22d2ae7d871f6c7 Ken van Wyk

On the 30th episode of The Silver Bullet Security Podcast, Gary talks with Ken van Wyk, principal and founder of KRvW Associates. Ken was the first employee of CERT and has been an active member of FIRST. Ken and Gary discuss why the discipline of computer science doesn’t learn from failure like mechanical engineering does, how we’re making steps backwards in computer security, whether focusing on web applications is a good or bad thing for software security, and Ken’s recommendation for moderately-priced red wines.

]]> Fri, 26 Sep 2008 17:23:25 +0000 van wyk tjxs stock increase barbara dasti wines tacoma narrows bridge kens personal page red wines secure security breach gary talks Show 030 - An Interview with Ken van Wyk <![CDATA[Again On Breaches and Stock Price]]> http://securityratty.com/article/13371f6c645132032f5b6217ed929cd6 http://securityratty.com/article/13371f6c645132032f5b6217ed929cd6 Richard "IDS is dead" Stiennon throws a bomb: "First, esoteric matters like IT security really do not matter to the overall performance of a retailer. Customers, employees, stakeholders, apparently don’t care. Second, no matter what the security industry says, you should not justify security spending based on potential impact of a data breach on your stock price. That theory is completely disproved by TJX."

Enraged? Think he is pushing it too far? Being illogical? Me too :-) I don't think TJX example just goes and "disproves" it; we don't really know how it works with breaches and stock prices (some say 4-8% down, some say none, some say 'major impact', whatever...)

He then clarifies: "But let me point out that TJX has attributed $200 million in direct costs to this breach. It is easy to surmise this is bigger than just about anyone’s security budget. In TJX’s case some well known security practices and a little security spending would have avoided this whole incident."

Overall, a fun read. Still, I think breach impact assessment and breach's impact on anything (much less the stock price...) is not really well-defined or understood yet ...
About me: http://www.chuvakin.org
]]> Tue, 11 Mar 2008 21:34:00 +0000 security security practices stock price data breach impact anyones security budget potential impact breach breach impact assessment Again On Breaches and Stock Price <![CDATA[Nobody Is That Dumb ... Oh, Wait IX]]> http://securityratty.com/article/4e7c40a54a803f72383def6af4071f99 http://securityratty.com/article/4e7c40a54a803f72383def6af4071f99 series comes back - with a vengeance! I really should have launched "the dumbest prediction of the year" contest, but I didn't :-) Still, we have a wiiiiiiiiiiinner: "TJX’s Security Breaches Will Force it to Go out of Business or to Merge with Another Company" Huh? Then it gets better: "Furthermore, the negative impact upon TJX’s public image is difficult to assess, but it is not difficult to imagine that it has been large."

Ummm, no! I think people rightly don't care and will continue to shop at TJX. In the event of card abuse, one 10 minute call to your CC issuer solves the problem; a new card arrives in a few days. Magic! :-)

I bet the opposite will happen: this will prove that you can operate while 0wned and leaking data like a sieve ...
About me: http://www.chuvakin.org
]]> Tue, 05 Feb 2008 04:44:00 +0000 tjxs security breaches card card arrives tjxs public image minute call negative impact dumb issuer solves wait Nobody Is That Dumb ... Oh, Wait IX