[Return to News
Page]ANALYSIS: After the Fact Incident
Handling Just As Important As Security and Privacy Protection
Measures
Recent breaches made worse by poor
handling and follow-up are leading consumers and regulators to
question and investigate corporate practices
Los Angeles, March 3 – According
to ContingenZ Corporation, recent security and privacy breaches in
the financial sector are leading consumers and regulators alike to
investigate whether or not the affected companies instituted
protection measures as claimed and to question whether incidents are
taken seriously enough.
Michael Miora, CISSP-ISSMP, FBCI, an
acclaimed expert on incident management and risk reduction, and a
previous honoree of Entrepreneur and other magazines, explains, “It
is not possible or reasonable to expect that security and privacy
protections will be successful 100% of the time. Therefore, it is
imperative for a company to plan how it will mitigate the scope of a
breach and react quickly to eliminate the exploited vulnerability.
The time for this planning is before an incident occurs, not
afterwards.”
According to Miora, “Poor
planning efforts that result in inadequate incident response can
exacerbate the effects of the incident and affect the company’s
reputation even more than the incident itself.”
As an example, there was a
recent compromise of information held by Georgia-based ChoicePoint,
a company which, according to ConsumerAffairs.com and
InformationWeek, keeps a massive database of personal information on
virtually every American, including information about who we are,
what we own, what we owe and even where we go. ChoicePoint initially
reported a compromise had put 35,000 California residents at risk
for identity theft. It wasn’t until later that the company admitted
that nearly 145,000 individuals were affected.
Senate Judiciary Committee
Chairman Sen. Arlen Specter then announced that the Committee will
investigate ChoicePoint and this breach. Miora claims that a proper
incident management and response capability that mitigated the risk
and provided a faster and better response may have precluded this
investigation.
About ContingenZ Corporation
ContingenZ Corporation (http://www.contingenz.com)
provides Incident Management, Information Security and Privacy
consulting services to Global 2000 companies to help them evaluate
their vulnerabilities and protect themselves against incidents
ranging from terrorism to hackers or natural disasters. ContingenZ
is also the maker of IMCD™, the automated tool for building a fully
customized Incident Management Plan for small to mid-sized
businesses. More information about IMCD™ is available at
http://www.contingenz.com/IMCD.htm.
For More Information:
Michael Miora, CISSP-ISSMP, FBCI
ContingenZ Corp
(310) 306-0111
mmiora@contingenz.com
[Return to News
Page]
