Information security and risk management team leaders often discuss data breach risks in their organization and how to mitigate those risks as quickly, effectively and economically as possible.
For many readers of this website, their companies' security policies try to adequately address and implement controls, and security audits and security analysis exercises, carried out on a regular basis, are in place to avoid the negative consequences of a data breach to their organization.
Those risk management teams, even with the proper tools and policies, struggle daily to mitigate those organizational privacy rights violation risks.
Learning from others is an important part of that process, and it is with that in mind that we recommend an article reporting on an interview between Kim Peretti and Tom Field, Editorial Director of the GovInfoSecurity website, entitled “Inside the TJX/Heartland Investigations”.
Ms. Peretti is a former Senior Counsel in the Computer Crime and Intellectual Property Section of the Criminal Division of the United States Department of Justice, located in Washington, DC. In her article, she offers an inside look at this data-breach-related investigation, detailing such areas of focus as: (1) how the investigations unfolded from beginning to end; (2) the significance of the conspirators’ sentences; and (3) lessons learned from these cases.
Please pass this information along to your information security risk managers; hopefully, they can gain critical information from the “lessons to learn” section of the report and then add real value to their own information security audit and risk analysis activities.