From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 7 Jun 1996 21:06:02 +0800
To: jya@pipeline.com (John Young)
Subject: Re: InfoSec Spin
In-Reply-To: <199606061713.RAA23573@pipe1.t2.usa.pipeline.com>
Message-ID: <199606061933.PAA15452@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



John Young writes:
>       In cyberspace, where hackers are finding commercial 
>       computer systems easy prey, businesses are choosing to 
>       hire free-lance security teams rather than involve the 
>       law. A Senate subcommittee heard Wednesday from experts 
>       who described how businesses, concerned over negative 
>       publicity, avoid reporting hacker assaults on their 
>       networked computer system.

Shocking, that.

Of course this happens. I mean, its part of my bread and
butter. However, this shouldn't be surprising -- businesses have
ALWAYS operated this way, whether on shoplifting or catching employees
with their hands in the kitty or hacking. It is not only a question of
avoiding embarassment, but also a question of having different
interests from law enforcement. The company wants safety, not
convictions. They don't have to worry about warrants or absolute proof
-- they only have to worry about their actions being defensible in a
civil suit. This makes their operations in such cases very different indeed.

Perry