Step number one after a security breach: Don’t immediately bring in the outside forensics team — get your attorney up to speed on the attack first. And don’t assume just because you had a break-in that you have to disclose it publicly — it all depends on whether data covered under regulatory mandates was exposed. These are two bits of advice to the security-breached from Kevin Mandia, a forensics expert who has worked on the front line of the TD Ameritrade investigation and is serving as an expert in the TJX breach case.
Mandia will testify as an expert witness for the credit- and debit-card issuers if the TJX case goes to trial. Mandia takes a different view than some breach experts, who encourage enterprises to make swift disclosure of suspected breaches. (See What to Do When Your Security’s Breached.) "Only ‘the need to know’ should be ‘in the know,’" says Mandia, CEO of Mandiant, who for the past 15 years has worked on over 100 computer security breaches with the Fortune 500, FBI, and military. He’s seen a lot of mistakes made by victims over the years, he says, as well as major shifts in how companies must respond in today’s regulatory and disclosure environment. What Not to Do After a Security Breach - Desktop Security News Analysis - Dark Reading
From around the Web
- Windows Vista Service Pack 2 Latest Release Schedule
- Vista SP2: What is inside?
- NetWitness releases free version of security software
- Three Reasons Why Users Won’t Buy Into Security
- Automated security testing & its limitations
- Google Wants to Preinstall Chrome Browser on PCs
- Mozilla warns of Firefox China add on
- Firefox No Longer an Automatic Defense Against Browser Drive Bys
- Google patches Chrome file stealing bug
- Apple plays catch up, adds anti fraud safeguard to Safari
- Researchers find vulnerability in Windows Vista
- How to Use Network Behavior Analysis Tools
- The insider security threat in IT and financial services
- Windows 7 security: An overall improvement?
- Windows 7 UAC could be less of a nag