How much should IT disclose post-intrusion?

8323 pts.
Tags:
intrusion defense
Intrusion detection
Open IT Forum
vulnerability management
As SearchSecurity's recent podcast noted, Apache's recent security disclosure was unusual in how thorough it was. Just curious: What's your company's intrusion or malware disclosure policy, and are you happy with how it's implemented?

Answer Wiki

Thanks. We'll let you know when a new response is added.

That all depends on what the laws are in the state or country that you do business. Businesses that are in or do business in California, if the customers person information is stolen they are required to tell there customers or face a fine.

Discuss This Question: 3  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Kevin Beaver
    Michael - how do you mean "intrusion or malware disclosure policy"? Are you talking about this in the context of breach notification?
    17,140 pointsBadges:
    report
  • Michael Morisy
    Yes, in this case, disclosure of intrusion. A talk by Zach Lanier had me thinking about it, and the general vulnerability/security ecosystem, and then I saw the Apache disclosure going into details about what went wrong, not just that something did go wrong.
    8,323 pointsBadges:
    report
  • Kevin Beaver
    Vulnerability disclosure (like what you're referring to at the links) is different from breach/intrusion disclosure. Both have to be well-thought-out especially the breach notification stuff. This is when you get legal, HR, customer service, and management involved. Better to have a plan/policy before the fact rather than scramble to decide what to do in the midst of a situation.
    17,140 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following