francoisellis
Highest Rated Comments
francoisellis61 karma
Bill, as a Cyber Security worker myself, are you in favor of a national personal information regulatory agency? I've gone back and forth on this several times, and keep landing on the fact that personal information needs a centralized enforcement agency, similar to the IRS, with the power to force institutions to use standards and policies that make sense, and assure the safe keeping of everyone's personal data. Additionally, what do you think of a national two step verification system for every persons Social Security number?
francoisellis11 karma
the Internet is working wel
Wait what? I'm truly lost and think you completely misunderstood what I'm getting at. I'm simply stating the following: There are plenty of industry approved, vetted, and communicated standards and policies that dictate how people should be handling systems of various levels of criticality specifically with regards to personal information. These standards deal with how information is stored, transmitted, accessed etc. It has absolutely nothing to do with collecting any additional information. I'm simply suggesting that these standards and policies be enforced by an external agency, as my industry (Banking) widely lack the necessary IT Controls that safeguard the data that you provide them with. Stop trying to state that I'm suggesting less freedom or regulating the internet, that's idiotic. An no, I'm CRISC certified and hold a quantitative finance degree.
francoisellis8 karma
This is inaccurate. Verifying that you're systems uses token authentication, multi factor authentication, vulnerability scans before production etc do NOT need personal data. As a matter of fact, COBIT standards and policies are specifically enforceable without placing PI at risk.
francoisellis8 karma
And just to be clear to those reading my question, I'm not suggesting that the personal information agency would collect any data, they would be in charge of enforcement of well established cyber security practices and controls that should be implemented across all systems that house PI.
francoisellis132 karma
Thanks for the extensive answer to a well articulated question.
View HistoryShare Link