Five Ways To Survive a Data Breach Investigation
Security experts say it all the time: If a company thinks it has suffered a data security breach, the key to getting at the truth unscathed is to have a response plan in place for what needs to be done and who needs to be in charge of certain tasks. And, as SANS Institute instructor Lenny Zeltser advised in CSOonline's recent How to Respond to an Unexpected IT Security Incident article, "ask lots and lots of questions" before making rash decisions.
Unfortunately, many companies still fail to heed that advice and end up in a lot more trouble than was necessary -- see The Company That Did Everything Wrong Parts 1 and Part 2 for painful examples.
Robert Fitzgerald, a Boston-based digital forensics investigator and president of The Lorenzi Group LLC, finds that at many of the companies he investigates, the words of Franklin D. Roosevelt ring true: The only thing [companies] have to fear is fear itself.
"People get nervous when we come in and it's a shame, because our job isn't to tear through and tell you how bad you are," Fitzgerald said. "We're not law enforcement."
But people get nervous anyway. So they do stupid things on purpose or by accident that lands the company in a heap of trouble. People who fear lawsuits or have something to hide tamper with evidence [Fitzgerald calls it "spoliation"] in ways that may seem clever -- overwriting files, reinstalling the operating system, loading a bunch of other data on discs and drives and them deleting them -- but are easily uncovered during an investigation.
To help companies avoid such madness, Fitzgerald recently sat down with CSOonline to outline five steps that can be taken to ensure a smooth investigation that ends with the company's reputation intact.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
data breach
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
Data Breaches Due Largely to Lagging Business Culture
Most companies enjoy “security” insofar as they haven’t been targeted, or had an employee make a human error with catastrophic exposure. Price Waterhouse Cooper and Carnegie-Mellon’s CyLab have recent surveys that show the senior executive class to be, basically, clueless regarding IT risk and its tie to overall enterprise (business) risk. Data breaches and thefts are due to a lagging business culture – absent new eCulture, breaches will, and continue to, increase. As CIO, I’m constantly seeking things that work, in hopes that good ideas make their way back to me - check your local library: A book that is required reading is "I.T. WARS: Managing the Business-Technology Weave in the New Millennium." It also helps outside agencies understand your values and practices.The author, David Scott, has an interview that is a great exposure: www.businessforum.com/DScott_02.html -
The book came to us as a tip from an intern who attended a course at University of Wisconsin, where the book is an MBA text. It has helped us to understand that, while various systems of security are important, no system can overcome laxity, ignorance, or deliberate intent to harm. Necessary is a sustained culture and awareness; an efficient prism through which every activity is viewed from a security perspective prior to action.
In the realm of risk, unmanaged possibilities become probabilities – read the book BEFORE you suffer a bad outcome – or propagate one.
Excellent info
helpful perspective, thx