Sunday, December 02, 2018

This could be an outline for several of my Computer Security lectures.
What the Marriott Breach Says About Security
We don’t yet know the root cause(s) that forced Marriott this week to disclose a four-year-long breach involving the personal and financial information of 500 million guests of its Starwood hotel properties. But anytime we see such a colossal intrusion go undetected for so long, the ultimate cause is usually a failure to adopt the most important principle in cybersecurity defense that applies to both corporations and consumers: Assume you are compromised.
… The companies run by leaders and corporate board members with advanced security maturity are investing in ways to attract and retain more cybersecurity talent, and arranging those defenders in a posture that assumes the bad guys will get in.
This involves not only focusing on breach prevention, but at least equally on intrusion detection and response. It starts with the assumption that failing to respond quickly when an adversary gains an initial foothold is like allowing a tiny cancer cell to metastasize into a much bigger illness that — left undetected for days, months or years — can cost the entire organism dearly.




Like the judge, I don’t think we have the entire story yet. Why take all that data to the UK?
Judge Orders Software Exec to Turn Over Laptop After He Leaked Data on Facebook
The co-founder of a software company was ordered by a judge to surrender his laptop to a forensic expert after admitting he turned over confidential documents about Facebook Inc. to the U.K. Parliament in violation of a U.S. court order.
Sensitive internal Facebook records that were supposed to remain sealed in a California lawsuit were leaked to a parliamentary committee by one of the founders of app Six4Three, which sued Facebook three years ago over access to friends’ data.
… Kramer has admitted to traveling to London where he claims he was pressured to hand over the information to Damian Collins, who heads Parliament’s Digital, Culture, Media and Sport Select Committee.
… Facebook accused Kramer’s attorneys of complicity in the release, arguing that Kramer could only have access to the sealed files in a Dropbox account if attorneys gave it to him.
A third-party forensics team will pick up Kramer’s laptop, along with his attorneys’ computers, on Friday night. He didn’t bring it to court.




Dilbert explains “managing up.”

