Friday, August 31, 2007

Fun Read: Harvard Biz Review Data Loss Case

This is an enlightening (if fictional) data breach story at a retailer, involving PCI, data theft, lawyers, breach disclosure and a lot of painful decisions by the exec team. Those who never were in such situations should read in order to at least take a peek at what might happen to your organization in the near future ....

Especially fun things to notice:

- an opinion by their legal that "If we disclose, we’ll probably get sued"
- environment complexity which doesn't allow them to pinpoint the breach

The sad part is that the story is kinda unfinished... Please, please, write it all the way to the end :-)

UPDATE: another set of fun comments on this story is available here. Chris makes an insightful comments about the team going thru "all seven distinct stages of the data breach grieving process" :-)

4 comments:

Anonymous said...

Seriously...not to be a dork, but 6 days later you're posting this as news?

http://rationalsecurity.typepad.com/blog/2007/08/harvard-busines.html

I'm not trying to be a dork, but when I read new links off a fellow blog, I link to it...You're in my reader but I'm not in yours? Shame.

/Hoff

Anton Chuvakin said...

Well, I actually got an email direct from those Harvard guys after the link was already sitting in my "2blog" label for a few days. I did say I am behind on blogging, didn't I? :-) I would now update the post with a link to your comments ...

Anonymous said...

...and just to be clear, I didn't post this because I want to drum up "hits." I posted it because, in a rare time of weakness, I was grumpy that you didn't participate in the conversation over yonder.

I actually *read* your blog ;(

I re-read that comment, and I sound like a d*ck. I'm sorry. Came out wrong.

'pologies

/Hoff
htt

Anton Chuvakin said...

Well, there was nothing much to discuss, apart from the fact that somebody has to write how the story ends :-) One just doesn't write the crime novels half-way :-)

Dr Anton Chuvakin