[40410] in bugtraq
Paper - How It's Difficult to Ruin a Good Name: An Analysis of Reputational
daemon@ATHENA.MIT.EDU (Kenneth F. Belva)
Wed Sep 21 14:07:27 2005
Message-ID: <43315169.8020406@ftusecurity.com>
Date: Wed, 21 Sep 2005 08:26:17 -0400
From: "Kenneth F. Belva" <ken@ftusecurity.com>
MIME-Version: 1.0
To: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
This paper was delivered as the keynote presentation at the FiTech
Summit 2005.
You may find a link to the FiTech Summit here:
http://www.me-uk.com/summits/eventdetails.asp?eventID=9022
The paper asks:
Given a publicly disclosed security incident, "to what extent is (or
isn't) investor confidence shaken? In other words, why is it the case
that information security incidents do not appear to have a greater
impact on both investor confidence as well as the public at large? To
phrase the question in financial terms: why isn't the top line effected
more than it is? To poignantly highlight this phenomena we ask: If 40
million customer credit card numbers are exposed in a security breach at
the credit card processor CardSystems , why do a significant number
people not cancel their Visa and/or Mastercard?"
A copy of the presentation may be found here:
http://www.ftusecurity.com/pub/FiTechSummit_final_paper.pdf
This paper should be regarded as a starting point for further, positive
discussion.
Sincerely,
Kenneth F. Belva, CISSP
http://www.ftusecurity.com
