Attacks/Breaches
9/12/2013
11:38 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Experian Data Breach Resolution Releases Its 2013-2014 Response Guid

Updated edition highlights the HIPAA Omnibus Rule, new state notification laws

COSTA MESA, Calif., Sept. 12, 2013 /PRNewswire/ -- Despite the increasing awareness around the rise in data breaches and potential damage, not all organizations are taking the necessary steps to mitigate the fallout from a cyberattack. According to a 2013 Experian Data Breach Resolution and Ponemon Institute study, Is Your Company Ready for a Big Data Breach?, nearly 40 percent of companies that experienced a breach say they have not developed a formal preparedness plan even after the incident. To help businesses and institutions get started, Experian Data Breach Resolution has released its updated 2013-2014 Data Breach Response Guide.

(Photo: http://photos.prnewswire.com/prnh/20130912/SF78361)

An excellent tool for any organization looking to develop a data breach response plan, the content is appropriate for professionals handling security, risk and compliance, as well as senior leadership and executives responsible for business continuity. It contains information on how to create a plan and what to do during the crucial first 24 hours of a breach. The guide also addresses how to notify customers, patients or employees and work with a data breach resolution partner. Additional content in the guide provides recent information on the HIPAA Omnibus Rule and a snapshot of upcoming federal legislation on breach notification laws.

The guide can be downloaded for free at http://www.experian.com/responseguide.

"A company of any size, across industries, can fall victim to a data breach, and it is never too soon to prepare a plan," said Michael Bruemmer, vice president at Experian Data Breach Resolution. "This guide is a valuable resource that will help organizations assess their levels of preparedness and understand the required steps to take in managing a data breach."

The 30-plus-page handbook includes practical checklists and forms. It also outlines many key steps to begin a data breach preparedness plan:

-- Identify an incident response team lead: Start by selecting your incident lead. Think of someone from an internal or external legal department or a chief privacy officer. Your incident lead should be able to manage and coordinate the company's overall response efforts and team and act as an intermediary between C-level executives and other team members to report progress and problems. -- Select the right people for the right roles: Determine who is on the response team and what their role would be in the wake of a breach. Include individuals from departments across the organization such as legal, human resources, marketing, compliance and information technology to ensure the appropriate stakeholders are at the table. Include the company's key decision makers as advisers to your data breach response team to help ensure you have the needed leadership, backing and resources to properly develop and test your plan. -- Conduct preparedness training: In addition to a company-wide focus on data security and breach preparedness, department-specific training should trickle down from the data breach response team. Each member of the team has a unique responsibility to apply prevention and preparedness best practices to his or her own department. For additional data breach resources, including Webinars, white papers, videos and more, visit http://www.experian.com/databreach.

Read Experian's blog at http://www.experian.com/dbblog.

About Experian Data Breach Resolution Experian is a leader in the data breach resolution industry and one of the first companies to develop products and services that address this critical issue. As an innovator in the field, Experian has a long-standing history of providing swift and effective data breach resolution for thousands of organizations, having serviced millions of affected consumers. For more information on the Experian Data Breach Resolution division at ConsumerInfo.com, Inc. and how it enables organizations to plan for and successfully mitigate data breach incidents, visit http://www.experian.com/databreach.

About Experian Experian is the leading global information services company, providing data and analytical tools to clients around the world. The Group helps businesses to manage credit risk, prevent fraud, target marketing offers and automate decision making. Experian also helps individuals to check their credit report and credit score, and protect against identity theft.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4467
Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attackers to spoof the UI via a crafted web site.

CVE-2014-4476
Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulner...

CVE-2014-4477
Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulner...

CVE-2014-4479
Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulner...

CVE-2014-4480
Published: 2015-01-30
Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
If you’re a security professional, you’ve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.