The Letter

A letter was sent to Congressional leaders from 40 organizations representing many types of businesses, asking for a single federal law that would apply to all breached organizations. This would standardize the process required in the event of a breach of sensitive data and reduce confusion. Consistency is a great idea. I'd like to see this go one step further and standardize the information that is obtained from the breached organization.

Here are 5 things that we might want to know as a start:

  1. The type of network security that is being used.
  2. The third parties connected to their networks.
  3. The number of copies of sensitive data that exist throughout their network.
  4. The location of the breached data within their network (e.g., DMZ, test, QA, etc.).
  5. Who has access to what?

The bad guys are out there and we need to step up our knowledge base if we are going to outdo them.