BreachExchange mailing list archives
Harvard Business Review - Data Breach Case Study.
From: security curmudgeon <jericho () attrition org>
Date: Tue, 28 Aug 2007 16:06:57 +0000 (UTC)
http://tinyurl.com/2q87md HBR Case Study Boss, I Think Someone Stole Our Customer Data Flayton Electronics learns that the security of its customer data has been compromisedand faces tough decisions about what to do next. by Eric McNulty Brett Flayton, CEO of Flayton Electronics, stared intently at a troubling memo on his desk from the firms head of security. Running his hands through his full head of barely graying hair, he looked not unlike his father did when he established the first Flayton Cameras and Stereos 25 years ago. The security situation had come to Bretts attention just before nine oclock the previous evening. On his way home from a vendor meeting, he had been settling into an armchair in the airline lounge. He had barely opened Electronics News when his mobile phone rang. It was Laurie Benson, vice president for loss prevention. Brett, we have a problem. There might be a data breach. Laurie, a tough but polished former Chicago police detective, had been responsible for security at Flaytons for almost three years. She had an impressive record of reducing store thefts while building productive relationships with local schools, community groups, and law enforcement. [..] Sergei stiffened. We meet about 75% or so of the PCI requirements. Thats better than average for retailers of our size. The response was defensive but honest. How have we been able to get away with that? Brett growled. He knew that PCI compliance, which was mandated by all the major credit card companies, required regular scans by an outside auditor to ensure that a companys systems were workingwith stiff penalties for failure. They dont scan us every day, Sergei demurred. Compliance really is up to us, to me, in the end. [..] _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- Harvard Business Review - Data Breach Case Study. security curmudgeon (Aug 28)