As legal issues surrounding data breaches become increasingly complex, more organizations are turning to attorneys for post-breach response, says Lisa Sotto, a managing partner for New York-based law firm Hunton & Williams.
Healthcare organizations should carefully document all necessary breach investigation and notification actions and responsibilities to avoid chaos when an incident occurs, says Dawn Morgenstern, privacy official at the Walgreens national drugstore chain.
2011 has offered quite a number of tough lessons for security professionals. Here at (ISC)2, where security education is our focus, the close of another year raises the old teacher's question: "What have we learned, class?"
"Cybersecurity remains a priority for my administration, and we are committed to protecting our critical infrastructure by taking decisive action against cyberthreats," President Obama says in a proclamation designating December Critical Infrastructure Protection Month.
In addition to the negative publicity associated with being included on the federal tally of major health information breaches, some organizations are experiencing yet another impact of breaches: class action lawsuits.
A wave of security breaches serves as a catalyst for all types of organizations to assess the need for cyber insurance. Here's the story of one institution that saw the threat and took out a $10 million policy.