In fact, customer information management or privacy are controversial because , different countries have different measurements. Even , like in Hong Kong, apart from banking, there is no mandatory rules to handle customer information. Meanwhile, regular audit should also be ignored.

The answer is simple. It is also a common excuse. If there is no incidence, we could still not improve. How many people are willing to pay for regular body checkup frequently especially for those system related?

We need time to change their view, however, it is not far away, because incidence will continuously come out if we just put it away.

Again, Incidence never waits for our complete preparation.

In addition, as a customer, we should avoid excessive applications of credit cards and use some low-limit credit cards for online transaction. Do not disclose it in the mail and check up there is any SSL connection enabled during the e-Transaction. In addition, don't just throw the card bill to the bin, shred it out.

Regards,

Anthony LAI, CISSP, CISA

Founder of InfoSec Hong Kong

URL: http://www.infosechk.org

Program Committee

PISA (Professional Information Security Association)

URL: http://www.pisa.org.hk

Chapter Leader

OWASP (Hong Kong Chapter)

URL: http://www.owasp.org/local/hongkong.html

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11219/32041#32041