After a breach, some organizations meet the minimum requirements for notification and then hope for the best. The Utah Department of Health is taking a very different approach that's worthy of imitation.
Weeks, months or even years often go by before organizations discover they've been hacked, not learning of the attack until law-enforcement authorities inform them, says recently retired FBI Executive Assistant Director Shawn Henry.
Verisign Inc. may have followed the letter of the law when revealing a series of breaches in an SEC filing. But the company that assures the flow of a hefty portion of Internet traffic should have been more forthright to ease the minds of its various constituencies.
A legal dispute between a small merchant in Utah and its former payments processor has fueled a debate over contracts between merchants and acquirers. If successful, this case could spur contractual shifts that change the way card brands view liability after card breaches.
A breach is a disaster, says business continuity specialist Ken Schroeder. So organizing an effective breach-response team does not require a reinvention of the wheel. What it does require is a holistic approach.
Don't be too fast to blame Research In Motion for the disruption in BlackBerry service if your organization suffered from the lack of e-mail exchanges. It could be partly your fault, too, says noted infosec lawyer Francoise Gilbert.
News about recent healthcare information breaches offers an important reminder: Monitoring the privacy and security procedures of your business associates should be a vital component of any breach prevention strategy.
The breach earlier this month of certificate authority DigiNotar could prove to be the worst security event ever to happen on the Internet because it threatens, at its core, a fundamental principle of Internet transactions - economic and social - trust.