This is well worth reading if you're in Info Sec... I particularly was nodding my head violently yes when I read the following:
"The research indicates there are tensions within organizations over how data should be managed. Security and privacy professionals see customer data as an asset to protect, while in functions such as marketing where personal data is collected and used, employees are more likely to see it as a resource to achieve business objectives."
Forbes. Its listed under "Business of Fear"... hmmm?
So... a couple of interesting links related to PCI (payment card industry data security standards)
Do you have legacy systems that process credit cards?
You don't say?
While not a bad list... I have to say not the same list I would compile.
I read this book while I was back in High School and its a great read. If you're not old enough to remember what a 300 baud modem is then some of the technology references may seem a little arcane but the story is compelling. This is a true story.