To prepare to comply with Australia's new breach notification law, which goes into effect in February, organizations should start reviewing their cybersecurity posture and incident response mechanisms, says Leonard Kleinman, RSA's chief cybersecurity adviser-APJ.
"One critical aspect practitioners need to focus on is to make sure they have adequate resources to be able to meet the deadline for reporting a breach promptly after it's discovered," Kleinman says in an interview with Information Security Media Group.
The law requires many organizations to issue notification of breaches within 30 days of their detection and imposes huge penalties for non-compliance (see: Australia's Breach Notification Law: What to Watch).
The biggest challenge CISOs face in preparing to comply, Kleinman says, is evaluating their security posture along with mapping the business risk. It's time to move from a compliance-driven approach to a risk-based assessment, he says.
The new law creates a sense of urgency for practitioners who not only need to understand the law and its implications, but also take a series of appropriate actions to prepare to comply, which will enhance their security posture, Kleinman says.
In the interview, conducted recently in Singapore, Kleinman discusses:
- The impact of Australia's breach notification law on enterprises;
- The need to review all security strategies and technologies;
- The importance of analyzing breach response capabilities.
At RSA, Kleinman is the chief cybersecurity adviser, working with executives and business stakeholders to make security a strategic priority that translates into business value. He has over 25 years of experience in the information technology industry, with an early focus on Oracle CASE, network operations and database administration.
(Suparna Goswami contributed to this report)