IT pros say data breach assessment is more valuable than notification, study says

[InfoSec News <alerts () infosecnews org>]

http://www.computerworld.com/s/article/9223706/IT_pros_say_data_breach_assessment_is_more_valuable_than_notification_study_says

By Lucian Constantin
IDG News Service
January 25, 2012

IT professionals believe that assessing the potential harm caused by 
data breaches is more useful to mitigating the effects of such incidents 
than notifying affected individuals, according to a survey published on 
the day the European Union's proposed a 24-hour deadline for data breach 
disclosures.

Entitled "Aftermath of a Data Breach," the study was sponsored by 
information services company Experian and was conducted by the Ponemon 
Institute, which surveyed 584 experienced IT professionals working for 
companies that suffered a data breach involving consumer records during 
the past 24 months.

The questions asked by the Ponemon Institute tried to establish the 
circumstances leading to the data breach, the company's response and the 
incident's impact on the affected organization's data protection 
practices.

One of the study's most interesting conclusions was that while notifying 
victims and regulators are the most common steps taken by companies in 
the aftermath of a data breach, IT professionals don't view them as the 
most important actions for reducing the negative consequences of such 
incidents.

[...]


_____________________________________________________
Did a friend send you this article? Make it your
New Year's Resolution to subscribe to InfoSec News!
http://www.infosecnews.org/mailman/listinfo/isn