Sarbanes-Oxley victims are counting pennies. They know, or they have been told, it will bring benefits. But at what costs? Audit costs seem anecdotally to be up by 50% or so. Honest injuns think it might not be worth the cost. Chiefs keep silent, it isn't worth their salary to rock the canoe. Interestingly, the article suggests that this year is a hump, and next year should be cheaper as the systems are in place.
Martin Hall, chairman of the JMLSG editorial panel, said: 'We have taken a radical approach. The new guidance reflects the reality, that most customers are neither money launderers nor terrorists.
Over in certification land, the recent insider job in an Indian outsourcing firm is being ramped up by those who hate outsourcing. Another article points out:
"Ironically it shows the weakness of the certification system, which is supposed to guard against things like this. The centre in Pune was BS 7799- and CMM Level 5-certified, yet the fact that such a theft took place shows that such assurances probably aren't worth that much."
It's just one cute data point; we'd need a survey to really decide if that was statistically meaningful. Here are some more data points: The alleged #8 spammer in the world got 9 years in the slammer.
Let's work that out. If each spam costs a lost second to delete, then 3 million spams is worth a year. Nine years is worth 27 million spams. Now, if #8, a.k.a. Jeremy Jaynes, sent a mailshot of a million a day, and he'd been doing it for a month, that's about right. An eye for an eye, a second for a spam. If, however, he had consumed say 70 spam-years, then that's a death sentence: 220 million spams means we lost a life somewhere, in the aggregate.
Looks like he got off lightly.
Meanwhile, some great figures are appearing from an e-crime conference where a CEO from HSBC spoke.
"The UK apparently leads the world in terms of 'bot nets', or collections of compromised computers that are rented out by criminal gangs. In March of 2004, German police uncovered a network of 476 hackers in 32 countries who had turned more than 11,000 computers into such 'zombies'. In September 2004 a Norwegian internet company shut down a bot-net controlling 10,000 machines. And SpamHaus estimates suggest 50,000 new zombie systems may be appearing each week."
And in the proportionality stakes, the unintended consequences of criminalising theft of IP strike home: one games manufacturer has complained to the FBI about several years of illegal selling of their game. By rights, the FBI ought to swoop in and bust the place up ...
I wonder if anyone has thought of making a game of strategy out of IP theft?

Posted by iang at April 16, 2005 06:38 AM