[blog spam] I always suspected...

More amusing quotes from Ross Anderson's timeless classic, Security Engineering, Second Edition. On auditors:
It’s reckoned that the auditors’ gold-plating of the Sarbanes-Oxley requirements is costing the average U.S. listed company $2.4m a year in audit fees, plus 70,000 hours of internal work to ensure compliance; the total cost of SOX could be as much as $1.4trillion. (My own advice, for what it’s worth, is to never use a big-four accountant; smaller firms are cheaper, and a study done by my student Tyler Moore failed to find any evidence that companies audited by the Big Four performed better on the stock market.)
And on insiders (in banks):
The general experience of banks in the English-speaking world is that some 1% of staff are sacked each year. The typical offence is minor embezzlement with a loss of a few thousand dollars. No-one has found an effective way of predicting which staff will go bad; previously loyal staff can be thrown off the rails by shocks such as divorce, or may over time develop a gambling or alcohol habit. Losing a few hundred tellers a year is simply seen as a cost of doing business.
Nothing sensational, of course, but the numbers are striking.

Vlad Styran

Informationally. Securely.*