Structured method to data breach analysis and response
Posted on 13 September 2012.
Data breaches are growing in frequency and magnitude, and have a tremendous financial, legal, operational and reputational impact to the breached organization, whether it's a financial institution, a hospital, a retailer, a university, a company, a government entity, or a social network.

With 174 million compromised records in 2011, according to Verizon, assessing, managing, and publicly responding to a data breach involving medical records, financial information and Social Security Numbers, can be overwhelming and often beyond the scope of an organization's expertise.

In order to provide organizations with an end-to-end blueprint for addressing a privacy incident, ID Experts developed YourResponse a patented breach resolution method to help companies achieve the most positive outcomes for everyone affected in a data breach.

At the core of the ID Experts data breach response process, is a patented, four-stage methodology that includes discovery, analysis, formulation and response. Because all data breach incidents have unique differences, ID Experts uses this rigorous, tiered method that focuses on two often overlooked areas that are crucial to fostering positive outcomes: analysis of the data security incident to determine if it constitutes a data breach, and formulation of a tailored breach response package that is optimized for the risks faced by the affected individuals as well as their special needs.

The YourResponse breach response method includes four distinct stages:
  • Discover: digital forensics; root cause discovery, chain of evidence preservation
  • Analyze: incident assessment; risk score and regulatory obligations
  • Formulate: evaluate demographics/special needs of affected individuals; Develop response package to address needs and risks
  • Respond: breach response "mission control"; notification to individuals, regulatory authorities, media; incoming phone and web advisory; identity protection services; identity recovery for victims.


Chrome extension thwarts user profiling based on typing behavior

Infosec consultant Paul Moore came up with a working solution to thwart a type of behavioral profiling. The result is a Chrome extension called Keyboard Privacy, which prevents profiling of users by the way they type by randomizing the rate at which characters reach the DOM.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Jul 29th