Data Breaches: Trends, costs and best practices

  • ID: 1954108
  • November 2011
  • 115 Pages
  • IT Governance
1 of 4

Data Breaches: Trends, Costs and Best Practices helps with securing personal and corporate data and responding to data breaches.

Data breaches: Trends, costs and best practices, from IT Governance Publishing, gives you the key information and worldwide trends in corporate data breaches - those that affect personally identifiable information and contravene laws such as the UK Data Protection Act, HIPAA and so on - and identifies best practice for avoiding business, regulatory and brand damage.

As organisations work out how to tackle their data security, this report gives valuable insights and guidance.

This authoritative report is aimed at executives, information security managers, risk managers, auditors, compliance managers, stakeholders and data controllers worldwide. It assesses the reality in today's data breach landscape, recognises the real, damaging trends that affect businesses, stakeholders and individuals and identifies current and emerging best practice in controlling the risks - and costs - arising from inadequate security in relation to personal data.

Data breaches - key risk areas

This report, which draws on an IT Governance survey as READ MORE >

Note: Product cover images may vary from those shown
2 of 4


Key recommendations

Trends in reported data breaches

The numbers of data breaches
The numbers of data breaches by sector
Data breaches arising from insider and outsider threats

Costs of data breaches
Costs to organisations
Unavoidable costs that are consequent on compliance with a data breach law
Costs that may be necessary to restore the brand
Costs resulting from customer churn
Costs resulting from legal action
Costs to customers
Costs to banks
Costs to police/federal organisations
Costs incurred through the fraudulent purchase of goods

Data protection legislation and regulation
The UK
Rights of data subjects (subject access requests)
The sharing of sensitive personal data within the public sector
The US
The Gramm–Leach–Bliley Act
The Fair Credit Reporting Act
Safe Harbor
Health Insurance Portability and Accountability Act (HIPAA)
The Federal Information Security Management Act (FISMA)
Federal Financial Institutions Examination Council standards (FFIEC)
The Sarbanes–Oxley Act (SOX)
Basel 2
South Africa
The Payment Card Industry Data Security Standard (PCI DSS)

Causes of data breaches
External threats
Phishing, pharming, whaling and other targeted attacks
Physical theft
Social engineering attacks
Internal threats
Lost portable storage media
Web application weaknesses
Trends in data breach causes
Causes of data breaches in the US
Causes of data breaches in the UK

Recommendations for improved data security
Create a defence-in-depth using ISO27001
Organisational processes
Laptop encryption
Encryption of portable storage devices
Wireless encryption
Establish rigorous procedures to ensure physical destruction of redundant computer drives and magnetic media prior to disposal
Protect credit card data
Provide regular training and awareness on legal responsibilities for all staff that deal with personal data
Deploy outward-bound channel (e-mail, instant messenger) filtering software, with customised dictionaries
Establish a vulnerability patching programme and deploy anti-malware software
Technical vulnerability patching
Implement anti-malware software
Implement a business-driven access control policy, combined with effective authentication
Maintain an inventory of the types of data held, apply an information classification system, and ensure that data retention and destruction, of both electronic and paper-based information, is carried out in line with a formal matrix of data retention periods
Develop an incident management plan that enables the organisation to respond effectively to any data breaches


APPENDIX B Examples of data breaches by cause

APPENDIX C Examples of data breaches showing consequent organisational cost and impact

APPENDIX D State laws governing security breach notification

APPENDIX E European Directive on Data Protection

Note: Product cover images may vary from those shown
3 of 4

- Europe
- United Kingdom
- United States
- Canada
- South Africa
- Australia

Note: Product cover images may vary from those shown
4 of 4
Note: Product cover images may vary from those shown





Our Clients

  • Visonic Group
  • Symantec Corporation
  • Raytheon Company
  • EMC Corporation
  • Nagra Kudelski Group
  • Cisco Systems, Inc.