Russell Cameron Thomas, George Mason University – Department of Computational Social Science; Marcin Antkiewicz, Qualys, Inc.; Patrick Florer, Risk Centric Security, Inc.; Suzanne Widup, Verizon Communications Inc., Verizon RISK Team; Matthew Woodyard, Zions Bancorporation. March 11, 2013. Abstract: This paper proposes an analysis framework and model for estimating the impact of information security breach episodes….
Category: Commentaries and Analyses
Attacks ‘highlight need for data breach notification law’
Paul Smith reports: The Australian Bankers Association has defended the strength of IT security processes in place across Australia’s banking system following the revelation that Reserve Bank of Australia systems had been compromised by China-based hackers. However, security experts said the incident highlighted the need for Australian data breach notification laws to be tightened to force…
After a Data Breach, Do You Need an Investigator or a Lawyer?
Catherine Dunn writes: Before becoming a computer forensics investigator who specializes in data breach response, Jason Straight was a practicing attorney. And even though he’s been in the investigative business for longer than he was a lawyer, he has to pause every once in a while when a client asks him a question in the…
Does a presidential executive order on cybersecurity get a hotel chain off the FTC hook for its breaches?
I occasionally check the docket for FTC’s lawsuit against Wyndham over the multiple breaches they experienced. A story in my news reader today about how Ben Rothke of Wyndham Worldwide gave a talk on “The five habits of highly secure organizations” struck me as somewhat ironic, and I decided to see where the lawsuit stood. Of…
New U.S. Supreme Court Decision Will Likely Impact Data Breach Litigation
Rebecca J. Schwartz writes: On February 26, 2013, the United States Supreme Court in Clapper v. Amnesty International confirmed a demanding threshold showing for plaintiffs suing based on increased risk of harm in privacy-related. The decision effectively resolves a circuit split over the application of the Article III standing requirement in data breach cases. Plaintiffs must show that the…
ICO: Companies Laissez Faire over BYOD personal data
Antony Savvas reports: The Information Commissioner’s Office (ICO) says many employers “appear to have a laissez faire attitude” to allowing staff to use their personal devices for business, which may be placing people’s personal information at risk. ICO commissioned YouGov to question 2,150 UK adults, which found that almost half (47 percent) now use their…