Enterprise Integration Program on Security Incident Handling

Photo: Rhonda MacLean, CEO of MacLean Risk Partners, with DHS Assistant Secretary for Infrastructure Protection Robert Stephan

Helping to produce the ISAlliance program on Security Incident Handling is Rhonda MacLean (left), Carnegie Mellon University Distinguished Fellow and CEO of MacLean Risk Partners.

Rhonda is also the chair of the ISAlliance Quarterly Work Group on IT Risk Management.

She is pictured here with DHS Assistant Secretary for Infrastructure Protection Robert Stephan; both have been recognized for their work on public-private initiatives to secure critical infrastructure.

Liability arising from security breaches is on the rise, and organizations must manage the legal risks that privacy and security breaches create. Those risks extend to how investigations and forensic analysis are conducted, how evidence is preserved, and how disclosure of information can be minimized through the attorney work-product privilege. Because that privilege generally attaches only when the investigation is directed by counsel in anticipation of litigation, it cannot be claimed after the fact; the response process has to be structured for it from the start. As a result, companies must dovetail technical solutions with legal considerations and amend their operational processes accordingly.

Security breaches cost $90 to $305 per lost record. Beyond the damage a breach does to a company's public image and customer confidence, the direct financial costs can be staggering: the average security breach costs a company between $90 and $305 per lost record, according to a new study from Forrester Research, which surveyed 28 companies that had experienced some type of data breach. "After calculating the expenses of legal fees, call centers, lost employee productivity, regulatory fines, stock plummets, and customer losses, it can be dizzying, if not impossible, to come up with a true number," wrote senior analyst Khalid Kark in the report. A recent Forrester survey found that 25% of respondents do not know, or do not know how to determine, the cost of their data security breaches. Kark said that most organizations will incur a wide array of associated costs, sometimes significant enough to put them out of business.

The EIP on incident handling will focus on the legal considerations pertinent to security incidents (such as liability risks and the use of privilege) and will discuss the technical considerations in responding to incidents and gathering evidence, including response policies and operational procedures.

The EIP on incident handling is scheduled for the second quarter of 2007, check back soon!