Both are media creations, they have no popular support.

Trump to continue the meme that Republicans are kooky old rich white men.

And Sanders as to keep legitimate questions away from Hillary Clinton.

I think it's funny that The Donald fancies himself as an astute businessman, but he's actually a cheap old windbag who doesn't do a good job managing his organization's risks. "Old school wildcatter."

Everybody knows he's worthless as a political candidate.

That said, you are claiming he "doesn't do a good job of managing his organization's risks" based on not "keeping his systems up-to-date and patched" at 5 of his hotels?

Yes, because it is a financial risk and a reputational risk. Anyone with a business that has an online presence ought to be concerned with what is/has been going on lately. Not only that the hackers had (seems to be a familiar refrain lately) penetrated his network in February of this year and were not detected.

Trump's hotels got busted when the banks found out about it meaning he was totally oblivious.

Inability to account for emerging risks in a business risk model will get you every time and is a reflection as to management's competence (or lack thereof).

That is the general consensus. That said, Bill Clinton began his presidential conquest as an unknown, unelectable, huckleberry sax playing good ol' boy from Arkansas. Everyone on the Democratic side ignored him, as did the RNC, until one day, Good ol' Bill was in the lead.

And Barack Obama has not even been born yet, but he got elected.

Not necessarily disagreeing with you, except to say that the vast majority of businesses and government organizations are in a very similar situation.

Trump has such a plethora of personal and public failures on his resume, and a thousand reasons why he should not be President. But cybersecurity wouldn't even be on my radar. That's a problem across the board, not with Trump specifically.

Trump fancies himself as astute. He's not.

Obama has issued an executive order, don't know it word for word, but I believe that it states all federal systems have to have an ATO or shut down. OMBs IG tried to shutOMBs non-ATO'ed servers down but was unsuccessful. The same ones where the classified credentialing system resided. People knew, but they failed.

Trump was clueless. No knowledge of the breach. No pen tests, IDS failed or was missing. Network not monitored for unusual activity.

The results were the same, but to me, not even being aware is much worse than knowing and trying to fix, Arcbuletta ought to be fired, but there's no excuse for Trump.

One more point, I bifurcated this on purpose. One more question would be why Trump or his board weren't raising this as a question. Obviously they weren't.

One of the first things you would do in such a situation would be to scan for root kits and malware as well as an up to date baseline scan of his server farm. Easy way to see if you've been had at a high level. Again, he did not, as the banks found suspicious activity connected to his companies, who reported it to federal authorities who investigated , then notified, Trump.

I see the day coming when the breach insurance does not pay for negligence and the victims are successful in court.

Trump is worth billions of dollars. He doesn't care. He hires people like you to care.

This is irrelevant, other than pointing out Trump's lack of computer intelligence, which is hardly something that needs to be expounded on.

This is like saying Trump doesn't deserve to be President because he allowed a mechanic to use inefficient parts, or because he allowed an inferior security system to be installed in his buildings.

President Obama doesn't know anything about blue team efforts and threat mitigation, either. He has experts to advise him on such things. He may have issued the executive order, but I seriously doubt he understood much of it.

I guess we'll have to agree to disagree on this one. You have a point about Trump being unaware. I think that lack of awareness is yet another data point showing what a poor leader he'd be if elected. I hope you and everyone else here on Shockernet has a safe and happy 4th.

Okay, please share your definition of an astute businessman. I consider a man that has grown an international conglomerate of hotel chains, world class commercial developments, and a suite of golf courses, among other things ... a pretty darn savvy businessman.

And what in the heck does this have to do with Trump? The only thing it proves is that hackers don't give one rats ass about what executive orders Obama has passed.

Completely TYPICAL for this type of crime. If someone steals your credit cards and completely covers their tracks, there is no way you CAN know until they start using the cards. And then the ONLY way you can know, is when the bank informs you because THEY are the ones that receive the fraud usage complaints. Now if the hacker isn't savvy enough to cover his tracks, you could catch it.

This is pure speculation and you are just puking up PCI standard checklist. You can't say there were no pen test, unless that has been reported. You can't say the IDS failed, until there are reports. This could be a simple as failure to shred a hard drive. There is NO pen test that can plug 100% of holes. There is no network monitor that can detect 100% of malicious activity. We don't know any of the details of this particular case yet. For all we know the systems that were hacked could be owned and monitored by a third party. We don't know yet, so for you to sit there and lob accusations without data, is completely dishonest.

Again, what does this have to do with Trump?

First of all, if you don't know that you had a security breach, how in the heck are you supposed to have a board meeting about it?!!? Second, this is pure speculation. You have know idea what Trump has or has not had private board meetings about.

Yes, I am sure that's what 100% of billionaire CEOs do that run multiple international companies ... they sit at their NOC's and run scan's for root kits, because that's the most important usage of their time. Sheesh.

Huh?

Kung, you sure have turned this into a novelette. This is my last response on this matter, I have noted your comments and numbered them and will address them one-by-one.

1. An astute businessman would make sure he hires the right people and makes sure he's on top of emerging risks to his business. Trump is not. Trump does not have the right people or processes. Please see 7 & 8.

2. I think you're talking about a subject here that you have little or no first-hand knowledge about. First of all, this wasn't your garden-variety hack, it was state-sponsored. Second, the context of the posts were more in the context of the victim and not the perpetrator, so your comment do not make sense as you are twisting the context to fit your reality, which at best shows you aren't paying attention or at worst are perhaps dishonest in your intention.

3. Your comment is illogical. You are comparing an individual who has their billfold stolen to a corporation, who is supposed to protect and secure their 3rd party data and as such is held to a higher legal standard. An individual can't sue themselves for negligence and stupidity, but they sure can sue a 3rd party for negligence and stupidity.

4. I can somewhat agree with your assessment, except that again you are showing a lack of knowledge of some of these products. IDS can and does allow the owner to subscribe to threat intelligence, and there are a number of good threat intelligence companies out there just like there are a lot of bad ones. Same for new generation firewalls. Your response also reflects a lack of knowledge about the use of risk as a transfer mechanism, because simply outsourcing the risk to a third party is not an adequate risk transfer. The risk must be transferred with the requisite controls so as to allow the outsourcer to effectively monitor the outsourced functions. In its purest form, transferring risk without requisite controls is negligent. Your sentence almost sounds like all a business owner has to do is outsource and its 'problem solved'. It does not work like that.

5. You seem to have familiarity with PCI, but this goes much further than that. It's called 'defense in depth'. Why don't you google it. It has beginnings in midevil ages with the Maginot line and is still used in military strategy. It's a tactic where multiple defenses are employed to slow an adversary down so as to allow time to marshal a response during an attack. It's a pretty common cyber security concept.

6. I agree, that was an editorial comment.

7. Board members are on the board to steer the company. Part of steering the company is to be able to see when the ship (company) is getting too close to the rocks (emerging risks). Of course, if your contexting and experience is with a small company, your experience and learnings might relate more to a board being a group of cheerleaders at a football game and less what a board of directors (in a publicly traded company) ought to be doing. But since Trump has such a big ego, I'm betting he would fire anyone who would give him serious advice (that he might disagree with) so that he could hire a cheerleader (to kiss his butt and tell him how wonderful he is) to replace him. Big egos lead to blind spots and errors in judgement.

8. You're not understanding my point. My point here is that it would not be untypical to have a discussion at a board meeting where someone might ask 'what are we doing to protect our information assets?' Whereupon, someone would turn to the person in charge of IT and ask the question. If the answer was 'nothing', the first step in the project would be to determine what the current baseline was, where the baseline needed to be and perform a gap analysis to determine how/what would be needed to close the gap. The IT guy would probably be invited back in the future to report to the board (or relevant committee) as to how things were progressing and what learnings had been made. Your oversimplification of 'Trump running a pen-test or some sort of report' shows me that you have no clue as to how boards of directors work and the liability someone could potentially face as being part of that board. Perhaps you should google the legal and civil liabilities related to the Sarbanes-Oxley act or read up on some fraud case studies to learn what can happen when a board member sits back on their fat behinds and collects paychecks.

9. That comment is self-explanatory, just read the newspapers and get back with me in a couple of years.

I respect your knowledge on this subject, and have quite a bit myself on at least an aspect of it. However, I think this is one of those situations where you're blowing up something specifically because it's your area of expertise. It's more important to you than it is to anyone else. Like someone working in air conditioning for forty years and being several disappointed in the choice of HVAC units a Presidential candidate has made.

Your point #1 is pretty valid, but in this sense the vast majority of businessmen in America are poor businessmen. I think you should probably distinguish between a good businessman with a blind spot in one important area than simply a bad businessman.

Nearly all businessmen have blind spots. Trump clearly has a quite a few. That does not invalidate his successes, though.

I don't think you and I are necessarily disagreeing, and in some ways I don't think you and KungWu are even completely disagreeing. I just think you're placing too much weight on one aspect of business. It's a piece of the puzzle, and an important one, but it doesn't invalidate the entire picture just because it's missing.

Ted Cruz