[personal profile] jducoeur
I wonder if there are any companies with the security and publicity smarts to offer a "Safe to Shop Here" logo for big stores? Given the TJX debacle (and the new news that people who shopped at TJX stores are having their identities stolen), I expect the public to start at least fractionally noticing information security as a concern. That would seem to create a business opportunity for someone to come out with a "Certified Secure" label for stores, the same way they're trying to build a "Guaranteed Organic" label that consumers recognize. Like that, only a fraction of the public would notice, but that fraction is likely to be passionate about it.

Not an easy task: the company would have to have the security chops to conduct really good security audits, and have the marketing machine to convince the public that they really are holding these companies to account. But it would seem like a way to print money if they could pull it off: it could become a significant competitive advantage to have your store certified by them (assuming they managed to get the public to pay attention to the label), and the space is pretty big.

(Devil's advocate: doing this without major legal exposure would be tricky -- the company couldn't afford to *guarantee* the security, just establish that their customers are following good enterprise-grade practices...)

(no subject)

Date: 2007-01-25 02:06 pm (UTC)
From: [identity profile] zachkessin.livejournal.com
Well, I think it would have to be more like ISO 9000, in that you do things according to a set of rules, and that this gets audited on a regular basis. And probably a bit like Kosher certification, which is to say that the certifying agency can show up at any time and if they don't like what they see they can pull your certificate.

(no subject)

Date: 2007-01-25 02:10 pm (UTC)
From: [identity profile] talvinamarich.livejournal.com
Oh, my. Interesting image.

"This software certified 100% Kosher by Rabbi Ben Geek."

;)

(no subject)

Date: 2007-01-25 02:16 pm (UTC)
From: [personal profile] dsrtao
Since the review of procedures would necessarily involve many of the same steps, it makes sense for this to be an extension of the SAS-70 Type II audit -- a CPA standard for reviewing the operational controls of a corporation. It also requires some programming skills to spot-check that critical programs do what they claim to do.

The SAS-70 standard is published by the American Institute of CPAs, and lots of independent contractors implement it. This would mean that the Data Handling Standard (or whatever) would be defined by a major organization, and folks would be trained to implement it and stand behind it themselves.

Now if only the big accounting firms were capable of not colluding with their clients...

(no subject)

Date: 2007-01-25 02:17 pm (UTC)
From: [personal profile] dsrtao
Sudden thought: suppose you paid a fee based on your complexity and size into an insurance fund, and the insurers randomly picked which firm was going to do the review this year?
