OK Observer

Friday, February 25, 2005
 
The Choicepoint security breach was a low-tech scam of a high-tech company. It becomes a textbook case of one of the most common misconceptions in the digital age.

I remember being embroiled in a discussion over whether high-stakes contracts (such as real estate deals) could ever be consummated online. The main concern from the title insurance industry was how they could have ironclad confidence in the identity of the person signing the deal.

I agreed we had new challenges, but to expect 100 percent security in a virtual deal when we had lived with far less for centuries seemed unrealistic.

Choicepoint holds an immense amount of financial data on people. It is a vault of valuable information just as a bank vault may hold physical tender or other valuables. Choicepoint is a natural target for thieves.

While it is conceivable that very clever crackers might find a way to get into the Choicepoint computer system and steal information, it is instructive that the big theft did not happen that way. A group of scam artists simply set up several bogus companies and then subscribed to the information under Choicepoint’s small business plan. They knew to collect only enough information at any one attempt to avoid setting off abuse alarms.

The lesson here for cyber security professionals is that all the systems analyses and lockdowns are worthless if you don’t cover the front door. Every business and every computer system has legitimate entry points. Why else would it be operating? Each entry point, even the legitimate ones, presents a risk just as the front door of a bank presents a risk of bank robbery. Even the normal processes of a bank, from loans to withdrawal procedures, present risks. Theft does not have to be one dramatic incident. It can come in a series of seemingly normal transactions.

