This morning I saw an article from the link below stating that a national data breach registrar/notification system is needed.
http://www.bankinfosecurity.com/
I concur; however, I think we need holistic data breach legislation that will dictate: what constitutes a breach, baseline security controls/safeguards to prevent a breach, a database/website enumerating all breaches, and finally the incident response workflow (including timeline, information dissemination, etc.) that an organization would follow once a breach is detected/determined.