BreachExchange mailing list archives
Delete Data To Delete Risk
From: security curmudgeon <jericho () attrition org>
Date: Thu, 17 May 2012 03:12:47 -0500 (CDT)
---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.darkreading.com/database-security/167901020/security/news/240000521/delete-data-to-delete-risk.html

By Ericka Chickowski
Contributing Writer
Dark Reading
May 16, 2012

Earlier this month, a Missouri state senator led a filibuster to block the vote on the creation of a new prescription-tracking database within the state -- on the grounds that should a breach occur to expose this database, it would expose embarrassing information about citizens.

Though extreme, the event offers good evidence that awareness is growing both in the public and private sector that one of the best ways to protect sensitive and personally identifiable information (PII) from a breach is to eliminate its existence.

"Rule No. 1 in data-breach prevention is that they can't steal it if you don't have it," says Alan Brill, senior managing director of Kroll Advisory Solutions. "It would be a lot better if people remembered that one."

Obviously, protected identifiable information and other sensitive information fuels enterprise business today. And then there are certain classes of data that are required to be kept because of litigation or to maintain a legal hold for discovery issues, Brill explains. But beyond that, he believes organizations need to do a better job probing the necessity of retaining data -- particularly PII -- and making every effort to limit its stay on company databases.

"You have to start asking, 'What's the value of the data? What am I doing with it? Does it represent positive value? And who wants me to keep it?'" Brill says.

[...]
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/