by IncRnd
3558 days ago
Well, I am most certainly a working security professional. It sounds as if you've given up and become a bean counter. If the answer you give your CEO is "no," then you aren't giving the proper answer. You are just being a "yes man," saying comforting words.

>> So now Yahoo has a big problem because they had this breach. First of all, is this actually a big problem?

I mean this in absolutely the best way possible, you shouldn't ever be allowed near either a business or a security decision that affects people's lives or livelihood. If you think that disclosing hundreds of millions of records (many of which must contain PII) is without repercussion, then I have a pretty good idea of which end of the security stick you are holding. You are describing a business model where you piss on your customers by transferring 100% of the risk to them.
Personal attacks aside, let's you and me go out to a bar and sing songs of how things should be. Tomorrow, we have to go back to how things are. In the land of how things are, to the business, the disclosure doesn't matter. Full stop. Does it matter to the customers? Oh yes. Dearly. It's a really big deal to humanity. The business and humanity are discrete.
Is that a tragedy? Yes. I weep. I go home and drink every night for this reason. Until I don't want to work for people that pay money, though, you have to think about the business first. Humanity second. Anything else is a fairy tale or communism.