
With Data Breach Disclosure, When Does the Clock Start Ticking? [Podcast]


Nobody wants to be the next Equifax. But if your organization's data really is compromised, how do you handle it? Listen to this podcast to get the opinion of one expert.


In the last episode of the Cyber Second Podcast, we talked about the confusing patchwork of state, federal, and global rules and laws governing data breach disclosure. The common thread in nearly all of the existing regulations is that the disclosure clock starts the very moment that a company becomes aware of the breach. But when does someone truly know something, and who needs to know to establish that the company knew it was impacted? Does the clock start when the first log anomaly is detected by a member of the security staff, when the CEO is formally briefed, or when the forensic investigation proves a breach really occurred?

Certainly, businesses want to truly understand what, if anything, has occurred before they communicate it to customers. But what about the interests of the customers? How long will it take an attacker to monetize the data, automate phishing attacks, or otherwise use the information in a way that harms the consumer? The business may be impacted, but it seems the truly injured party in a breach is not the company but the person whose data was stolen.

In this podcast, Adrian Lane, analyst and CTO at Securosis, asks us to change our perspective as he answers some of our most pressing questions - and addresses our key concerns - around data breach disclosure.


Topics:
security, data security, data breach

Published at DZone with permission of Laura Paine, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.
