BreachExchange mailing list archives

follow-up on the May 2006 VA dataloss


From: Henry Brown <hbrown () knology net>
Date: Tue, 22 Apr 2008 14:49:12 -0500

http://www.gsnmagazine.com/cms/features/columns/682.html

VA’s proactive solution for data breach analysis
By Adair Martinez
Adair Martinez is Deputy Assistant Secretary for Information Protection 
& Risk Management at the U.S. Department of Veterans Affairs.


Following the May 2006 incident involving the theft of a U.S. Department 
of Veterans Affairs (VA) laptop computer, it was clear that we had a 
need for a formal process for evaluating and responding to data breach 
incidents. Using BMC Software’s development tool, the VA has built an 
infrastructure to document privacy and security incidents via the 
enterprise deployment of applications such as the PVTS (Privacy Tracking 
System) and VA-NSOC (VA Network Security Operations Center).

The lack of a formalized, quantifiable risk evaluation of incidents was 
not efficient. We did not have a system that prioritized, maximized or 
optimized VA resources in response to data breach incidents. In 
addition, communication channels between the local information security 
officer and privacy officer, NSOC and the national level were not well 
defined. The lack of a risk assessment process and incident handling 
coordination potentially reduced the timeliness and effectiveness of 
response actions by the VA. In 2006, the VA began the process of 
developing a formal process to conduct risk assessments of privacy and 
security incidents that involve potential data breaches.

[...]


_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
