This page contains a single entry from the blog posted on April 10, 2007 10:38 AM.

To report or not?

IT Week in the UK today ran a story, "Companies keep silent on data breaches". It's interesting in that it discusses the fact that recent research shows that one third of all enterprise security breaches go unreported. It raises the question of whether or not to report enterprise security breaches.

In my own personal opinion, I believe that if the breach potentially endangers customer data, then the customers must be notified. If the customers are the general public and not enterprises, then I believe the announcement must be made publicly. In fact, I think that laws need to be standardized across the planet demanding this.

While the impact on the enterprise of announcing this can be grave (e.g. TJ Maxx), the long-term outlook for both the consumer and the enterprise is better than with not reporting it and effectively sweeping it under the carpet.

Guy
www.authenticationworld.com
guy.huntington@authenticationworld.com
