Attacks/Breaches
9/12/2013
11:38 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Experian Data Breach Resolution Releases Its 2013-2014 Response Guid

Updated edition highlights the HIPAA Omnibus Rule, new state notification laws

COSTA MESA, Calif., Sept. 12, 2013 /PRNewswire/ -- Despite the increasing awareness around the rise in data breaches and potential damage, not all organizations are taking the necessary steps to mitigate the fallout from a cyberattack. According to a 2013 Experian Data Breach Resolution and Ponemon Institute study, Is Your Company Ready for a Big Data Breach?, nearly 40 percent of companies that experienced a breach say they have not developed a formal preparedness plan even after the incident. To help businesses and institutions get started, Experian Data Breach Resolution has released its updated 2013-2014 Data Breach Response Guide.

(Photo: http://photos.prnewswire.com/prnh/20130912/SF78361)

An excellent tool for any organization looking to develop a data breach response plan, the content is appropriate for professionals handling security, risk and compliance, as well as senior leadership and executives responsible for business continuity. It contains information on how to create a plan and what to do during the crucial first 24 hours of a breach. The guide also addresses how to notify customers, patients or employees and work with a data breach resolution partner. Additional content in the guide provides recent information on the HIPAA Omnibus Rule and a snapshot of upcoming federal legislation on breach notification laws.

The guide can be downloaded for free at http://www.experian.com/responseguide.

"A company of any size, across industries, can fall victim to a data breach, and it is never too soon to prepare a plan," said Michael Bruemmer, vice president at Experian Data Breach Resolution. "This guide is a valuable resource that will help organizations assess their levels of preparedness and understand the required steps to take in managing a data breach."

The 30-plus-page handbook includes practical checklists and forms. It also outlines many key steps to begin a data breach preparedness plan:

-- Identify an incident response team lead: Start by selecting your incident lead. Think of someone from an internal or external legal department or a chief privacy officer. Your incident lead should be able to manage and coordinate the company's overall response efforts and team and act as an intermediary between C-level executives and other team members to report progress and problems. -- Select the right people for the right roles: Determine who is on the response team and what their role would be in the wake of a breach. Include individuals from departments across the organization such as legal, human resources, marketing, compliance and information technology to ensure the appropriate stakeholders are at the table. Include the company's key decision makers as advisers to your data breach response team to help ensure you have the needed leadership, backing and resources to properly develop and test your plan. -- Conduct preparedness training: In addition to a company-wide focus on data security and breach preparedness, department-specific training should trickle down from the data breach response team. Each member of the team has a unique responsibility to apply prevention and preparedness best practices to his or her own department. For additional data breach resources, including Webinars, white papers, videos and more, visit http://www.experian.com/databreach.

Read Experian's blog at http://www.experian.com/dbblog.

About Experian Data Breach Resolution Experian is a leader in the data breach resolution industry and one of the first companies to develop products and services that address this critical issue. As an innovator in the field, Experian has a long-standing history of providing swift and effective data breach resolution for thousands of organizations, having serviced millions of affected consumers. For more information on the Experian Data Breach Resolution division at ConsumerInfo.com, Inc. and how it enables organizations to plan for and successfully mitigate data breach incidents, visit http://www.experian.com/databreach.

About Experian Experian is the leading global information services company, providing data and analytical tools to clients around the world. The Group helps businesses to manage credit risk, prevent fraud, target marketing offers and automate decision making. Experian also helps individuals to check their credit report and credit score, and protect against identity theft.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-4440
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

CVE-2013-4442
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.

CVE-2013-7401
Published: 2014-12-19
The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method.

CVE-2014-2026
Published: 2014-12-19
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.

CVE-2014-2716
Published: 2014-12-19
Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 reuses the RC4 cipher stream, which makes it easier for remote attackers to obtain plaintext messages via an XOR operation on two ciphertexts.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.