The media covered it at length, just about every columnist voiced an opinion on it, and it is still vividly debated in internet discussion forums and on social networking platforms: The German intelligence agency, BND, paid a whistle-blower approximately EUR 5 million for a DVD containing data of Liechtenstein bank customers and passed it on as “administrative assistance” to the German equivalent of the IRS criminal investigation, the infamous “Steuerfahndung”, which started tax evasion prosecutions against several hundred individuals, including Klaus Zumwinkel (former CEO of Deutsche Post) and Karl Michael Betzl, Bavarian privacy protection officer. Quite displeasing for the citizens concerned. A first-class worst case for the banks involved. A deal with an excellent yield for the German state. And for us a perfect occasion to ask ourselves some questions: Could this have happened in our own companies, and if so, how? Could it have been prevented, and if so, how? Starting with a chronological summary of the affair, it will be thoroughly analyzed and assessed as an InfoSec incident, and “lessons learned” will be derived.
Before joining Computacenter, Dror worked as a Senior Security Consultant for ERNW, assessing the security of networks and researching different security technologies. After fiddling around with Cisco gear for some years and presenting on different topics at several international security conferences, he has moved on to develop a kind of holistic approach to information security. He still believes that it should be possible to “measure security” in some way and spends some of his time trying to understand how security can be “made measurable”.