This is an enlightening (if fictional) data breach story at a retailer, involving PCI, data theft, lawyers, breach disclosure and a lot of painful decisions by the exec team. Those who have never been in such a situation should read it, to at least take a peek at what might happen to their organization in the near future...
Especially fun things to notice:
- an opinion by their legal that "If we disclose, we’ll probably get sued"
- environment complexity which doesn't allow them to pinpoint the breach
The sad part is that the story is kinda unfinished... Please, please, write it all the way to the end :-)
UPDATE: another set of fun comments on this story is available here. Chris makes an insightful comment about the team going thru "all seven distinct stages of the data breach grieving process" :-)
4 comments:
Seriously...not to be a dork, but 6 days later you're posting this as news?
http://rationalsecurity.typepad.com/blog/2007/08/harvard-busines.html
I'm not trying to be a dork, but when I read new links off a fellow blog, I link to it...You're in my reader but I'm not in yours? Shame.
/Hoff
Well, I actually got an email direct from those Harvard guys after the link was already sitting in my "2blog" label for a few days. I did say I am behind on blogging, didn't I? :-) I would now update the post with a link to your comments ...
...and just to be clear, I didn't post this because I want to drum up "hits." I posted it because, in a rare time of weakness, I was grumpy that you didn't participate in the conversation over yonder.
I actually *read* your blog ;(
I re-read that comment, and I sound like a d*ck. I'm sorry. Came out wrong.
'pologies
/Hoff
htt
Well, there was nothing much to discuss, apart from the fact that somebody has to write how the story ends :-) One just doesn't write the crime novels half-way :-)