This article is part of the December 2007/January 2008 issue of Reflections on the impact of Sarbanes-Oxley
Getting the Point by Mark Baard ChoicePoint put data breaches on the front page of The Wall Street Journal, into corporate boardrooms and the consciousness of Americans. ChoicePoint CISO Richard Baich's protestations in 2005 that his company was the victim of fraud, not a hack, sound almost archaic now. "This is not an information security issue," Baich told Information Security shortly after ChoicePoint disclosed 163,000 customer records had been accessed. "My biggest concern is the impact this has on the industry from the standpoint that people are saying ChoicePoint was hacked. No we weren't. This type of fraud happens every day." In fact, the incident underscored the vulnerability of sensitive data to many attack vectors, from classic computer hacks to trusted insiders to thieves like the ChoicePoint fraudsters. They posed as legitimate business customers and set up accounts to obtain the type of information that ChoicePoint typically sold third parties. It's not that ChoicePoint was the first or the worst data breach, but it was spectacular, driving ... Access >>>
Premium Content for Free.
Blow Out the Candles
Information Security magazine turns 10 years old, maturing right alongside the security industry.
Getting the Point | Turning Points | Nefarious Numbers | SOX Appeal | Evolution of a Hacker | Digital Pickpockets | The Toughest Battle: 10 Years, 10 Attacks | We Hardly Knew Ye
A Dynamic Decade | News of the Day | Trustworthy Finally? | Crystal Ball
- Blow Out the Candles
The View from Visionaries | Taking the Services-on-Demand Plunge | Warning Signs | Web of Worry | Attack Toolkits | VoIP Vulnerable
How Sarbanes-Oxley changed the information security profession
Sarbanes-Oxley empowered information security professionals with the clout they'd sought for so long.
More Premium Content Accessible For Free
Deploying data protection technologies properly requires a lot of time and patience. While most firms can get started by using preconfigured policies...
The bring your own device (BYOD) movement, which has flooded the enterprise with employee-owned smartphones, tablets, phablets and purse-sized ...
For so long penetration testing meant hiring an expert to use skill and savvy to try to infiltrate the company system. But, as with most ...