Saucus goose, saucus gander

Students of the Target credit card breach may remember that access to Target’s POS system started with a security breach/hole at a small refrigeration contractor that was saving money on its antivirus software.

“Hackers Find a Way In,” Wall Street Journal, September 18, 2014, A3. Transportation companies working with the US military were breached at least 20 times last year, and the US military was advised of 2 of the breaches. The hackers were linked to the Chinese government.

Do your contracts with vendors require them to notify you if they are attacked or breached? The government now does. Wouldn’t that be a good control for you to have? Would you enforce it?

What about US attempts to spy on Chinese government activities? Is that different?

Filed under Board, Business Case, Controls, Governance, Information, Interconnections, Internal controls, IT, Management, Oversight, Ownership, Protect, Protect assets, Protect information assets, Risk, Security, Third parties, Value
