The recent major breach at Zappos.com should lead security professionals in all industries to carefully review how much client information their organization really needs to store, security expert Fred Cate says.
Francoise Gilbert of the IT Law Group won't give Zappos an "A" for how the online retailer reacted to its recent data breach. So, what can organizations learn from the incident, so they're better prepared?
Verisign Inc. may have followed the letter of the law when revealing a series of breaches in an SEC filing. But the company that assures the flow of a hefty portion of Internet traffic should have been more forthright to ease the minds of its various constituencies.
Verisign, operator of two of the 13 root name servers that route traffic on the Internet, has revealed that outsiders attacked its computer network several times in 2010, but top management did not learn of the incidents until September 2011.
Healthcare breach statistics reflect an unfortunate trend: "IT security has not really kept pace with the progress that's been made in the adoption of electronic health records," says Dan Berger, CEO of Redspin.
Establishing an effective security incident response program is a key component of an information risk management strategy. And NIST has issued draft guidelines to help organizations implement such a program.