Attacks/Breaches
9/12/2013
11:38 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Experian Data Breach Resolution Releases Its 2013-2014 Response Guid

Updated edition highlights the HIPAA Omnibus Rule, new state notification laws

COSTA MESA, Calif., Sept. 12, 2013 /PRNewswire/ -- Despite the increasing awareness around the rise in data breaches and potential damage, not all organizations are taking the necessary steps to mitigate the fallout from a cyberattack. According to a 2013 Experian Data Breach Resolution and Ponemon Institute study, Is Your Company Ready for a Big Data Breach?, nearly 40 percent of companies that experienced a breach say they have not developed a formal preparedness plan even after the incident. To help businesses and institutions get started, Experian Data Breach Resolution has released its updated 2013-2014 Data Breach Response Guide.

(Photo: http://photos.prnewswire.com/prnh/20130912/SF78361)

An excellent tool for any organization looking to develop a data breach response plan, the content is appropriate for professionals handling security, risk and compliance, as well as senior leadership and executives responsible for business continuity. It contains information on how to create a plan and what to do during the crucial first 24 hours of a breach. The guide also addresses how to notify customers, patients or employees and work with a data breach resolution partner. Additional content in the guide provides recent information on the HIPAA Omnibus Rule and a snapshot of upcoming federal legislation on breach notification laws.

The guide can be downloaded for free at http://www.experian.com/responseguide.

"A company of any size, across industries, can fall victim to a data breach, and it is never too soon to prepare a plan," said Michael Bruemmer, vice president at Experian Data Breach Resolution. "This guide is a valuable resource that will help organizations assess their levels of preparedness and understand the required steps to take in managing a data breach."

The 30-plus-page handbook includes practical checklists and forms. It also outlines many key steps to begin a data breach preparedness plan:

-- Identify an incident response team lead: Start by selecting your incident lead. Think of someone from an internal or external legal department or a chief privacy officer. Your incident lead should be able to manage and coordinate the company's overall response efforts and team and act as an intermediary between C-level executives and other team members to report progress and problems. -- Select the right people for the right roles: Determine who is on the response team and what their role would be in the wake of a breach. Include individuals from departments across the organization such as legal, human resources, marketing, compliance and information technology to ensure the appropriate stakeholders are at the table. Include the company's key decision makers as advisers to your data breach response team to help ensure you have the needed leadership, backing and resources to properly develop and test your plan. -- Conduct preparedness training: In addition to a company-wide focus on data security and breach preparedness, department-specific training should trickle down from the data breach response team. Each member of the team has a unique responsibility to apply prevention and preparedness best practices to his or her own department. For additional data breach resources, including Webinars, white papers, videos and more, visit http://www.experian.com/databreach.

Read Experian's blog at http://www.experian.com/dbblog.

About Experian Data Breach Resolution Experian is a leader in the data breach resolution industry and one of the first companies to develop products and services that address this critical issue. As an innovator in the field, Experian has a long-standing history of providing swift and effective data breach resolution for thousands of organizations, having serviced millions of affected consumers. For more information on the Experian Data Breach Resolution division at ConsumerInfo.com, Inc. and how it enables organizations to plan for and successfully mitigate data breach incidents, visit http://www.experian.com/databreach.

About Experian Experian is the leading global information services company, providing data and analytical tools to clients around the world. The Group helps businesses to manage credit risk, prevent fraud, target marketing offers and automate decision making. Experian also helps individuals to check their credit report and credit score, and protect against identity theft.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-2184
Published: 2015-03-27
Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter.

CVE-2014-3619
Published: 2015-03-27
The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a "00000000" fragment header.

CVE-2014-8121
Published: 2015-03-27
DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over...

CVE-2014-9712
Published: 2015-03-27
Websense TRITON V-Series appliances before 7.8.3 Hotfix 03 and 7.8.4 before Hotfix 01 allows remote administrators to read arbitrary files and obtain passwords via a crafted path.

CVE-2015-0658
Published: 2015-03-27
The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary commands as root by sending crafted response packets on the local network, aka Bug ID CSCur14589.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.