Claburn, Thomas. Break-In At Berkeley May Have Compromised Data Of 1.4 Million Californians. InformationWeek. October 20, 2004
This story about the now-widely-publicized theft of UCBerkley's database containing 1.4 million Californians' Social Security numbers raises an interesting point from a compliance perspective. Many organizations spend a ton of time focused on identifying areas of elevated permissions (i.e., per Sarbanes-Oxley Act, Section 404, etc.) ... yet ignore almost entirely the usage profiles of individuals already "authorized" to access the data in question. Yet, as this story demonstrates, that addresses only part of the issue.
Posted by P0stmaster at 8:54 PM