This article is part of the December 2007/January 2008 issue of Reflections on the impact of Sarbanes-Oxley
Getting the Point by Mark Baard ChoicePoint put data breaches on the front page of The Wall Street Journal, into corporate boardrooms and the consciousness of Americans. ChoicePoint CISO Richard Baich's protestations in 2005 that his company was the victim of fraud, not a hack, sound almost archaic now. "This is not an information security issue," Baich told Information Security shortly after ChoicePoint disclosed 163,000 customer records had been accessed. "My biggest concern is the impact this has on the industry from the standpoint that people are saying ChoicePoint was hacked. No we weren't. This type of fraud happens every day." In fact, the incident underscored the vulnerability of sensitive data to many attack vectors, from classic computer hacks to trusted insiders to thieves like the ChoicePoint fraudsters. They posed as legitimate business customers and set up accounts to obtain the type of information that ChoicePoint typically sold third parties. It's not that ChoicePoint was the first or the worst data breach, but it was spectacular, driving ... Access >>>
Premium Content for Free.
Blow Out the Candles
Information Security magazine turns 10 years old, maturing right alongside the security industry.
Getting the Point | Turning Points | Nefarious Numbers | SOX Appeal | Evolution of a Hacker | Digital Pickpockets | The Toughest Battle: 10 Years, 10 Attacks | We Hardly Knew Ye
A Dynamic Decade | News of the Day | Trustworthy Finally? | Crystal Ball
- Blow Out the Candles
The View from Visionaries | Taking the Services-on-Demand Plunge | Warning Signs | Web of Worry | Attack Toolkits | VoIP Vulnerable
How Sarbanes-Oxley changed the information security profession
Sarbanes-Oxley empowered information security professionals with the clout they'd sought for so long.
More Premium Content Accessible For Free
The network of today's enterprise is larger and more diverse than ever, which means there's more for hackers to attack. So as enterprises update ...
In the rush to capitalize on big data, many companies forget that developing an ecosystem of structured and unstructured data means higher risk of ...
As the number of Internet-connected devices grows, the potential security challenges of the so-called "Internet of Things," or IoT, can no longer be ...