BreachExchange mailing list archives
How the VA deals with data breaches
From: security curmudgeon <jericho () attrition org>
Date: Thu, 22 Aug 2013 11:02:19 -0500 (CDT)
---------- Forwarded message ---------- From: InfoSec News <alerts () infosecnews org> http://fcw.com/articles/2013/08/21/veterans-affairs-data-breaches.aspx By Frank Konkel FCW.com Aug 21, 2013 Privacy is paramount in the Department of Veterans Affairs, and a small interagency team plays a large role in how the federal government responds to potential breaches in the privacy of its veterans. Each week, at least some of the Data Breach Core Team's 30 members gather to pore over suspected data breaches reported through the agency's Privacy Security Event Tracking System, determining whether an incident is an actual breach. The DBCT assigns a risk categorization ? low, medium or high ? to each potential breach and determines whether VA should offer credit monitoring to veterans in each case. The weekly sessions highlight a transformation the agency went through following the disastrous data breach in 2006 that might have exposed the personal data of 26 million veterans, according to John Oswalt, VA's associate deputy assistant secretary for privacy, policy and incident response. The 2006 breach ? the result of the theft of a VA analyst's laptop and external drive, which were eventually recovered intact ? cost taxpayers millions of dollars and damaged VA's public reputation and its trust with the veterans it was charged to protect. It also highlighted internal inadequacies in how VA reported and responded to potential breaches ? then-VA Secretary James Nicholson was not notified about the incident until three weeks after it took place. [...] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security offers security intelligence, risk management services and customized security solutions. The YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Current thread:
- How the VA deals with data breaches security curmudgeon (Aug 23)