Questions articles on this topic have yet to answer:
- What is the definition and severity of intrusion required to trigger an alert?
- Is this being done because most banks rely on customers to point out inconsistencies on account statements?
- How often do banks get hacked and then not say something? If the bank does not say something, how often is that a problem?
- Since when was the Software Business Alliance involved in setting security oriented government policy?
- Who are the true beneficiaries of this bill? Consumers - powerless to react? Or security software and services companies who will help banks prevent and investigate intrusions?
- Will security services firms be required to report intrusions at banks to government authorities? (and break long-standing non-disclosure and confidentiality agreements?)
- Will banks now report intrusions the same way airlines report on time arrivals and departures?
This is interesting legislation. However, I think it may be solving a problem that does not yet exist. Anyone who has read the legislation (or at least has a lijnk to it) and can provide answers to the questions above - please comment.
As an armchair economist, I'm always on the look out for various economic and technology metrics that prove to be leading indicators. I also have fun checking out some of the more esoteric indicators - the Big Mac Index run by the economist is a long standing favorite of mine.
BTW - life got in the way over the last month, I now return to my regularly sporadic programming.