Data Breaches: Crisis and Opportunity

Protect Your Organization Against Massive Data Breaches and Their Consequences

Data breaches can be catastrophic, but they remain mysterious because victims don’t want to talk about them. In Data Breaches, world-renowned cybersecurity expert Sherri Davidoff shines a light on these events, offering practical guidance for reducing risk and mitigating consequences. Reflecting extensive personal experience and lessons from the world’s most damaging breaches, Davidoff identifies proven tactics for reducing damage caused by breaches and avoiding common mistakes that cause them to spiral out of control. You’ll learn how to manage data breaches as the true crises they are; minimize reputational damage and legal exposure; address unique challenges associated with health and payment card data; respond to hacktivism, ransomware, and cyber extortion; and prepare for the emerging battlefront of cloud-based breaches.

Understand what you need to know about data breaches, the dark web, and markets for stolen data
Limit damage by going beyond conventional incident response
Navigate high-risk payment card breaches in the context of PCI DSS
Assess and mitigate data breach risks associated with vendors and third-party suppliers
Manage compliance requirements associated with healthcare and HIPAA
Quickly respond to ransomware and data exposure cases
Make better decisions about cyber insurance and maximize the value of your policy
Reduce cloud risks and properly prepare for cloud-based data breaches

Data Breaches is indispensable for everyone involved in breach avoidance or executives, managers, IT staff, consultants, investigators, students, and more. Read it before a breach happens! Register your book for convenient access to downloads, updates, and/or corrections as they become available. See inside book for details.

464 pages, Kindle Edition

Published October 8, 2019

10 people are currently reading
27 people want to read

About the author

Sherri Davidoff

7 books, 4 followers

Ratings & Reviews

Community Reviews

5 stars: 5 (83%)
4 stars: 0 (0%)
3 stars: 0 (0%)
2 stars: 1 (16%)
1 star: 0 (0%)
Displaying 1 - 2 of 2 reviews
Ben Rothke
364 reviews, 53 followers
July 2, 2020
When hearing the term opportunity when dealing with data breaches, many people would think that it is only lawyers who benefit in such a situation. But in Data Breaches: Crisis and Opportunity (Addison-Wesley 978-0134506784), author Sherri Davidoff writes that as devastating as a massive data breach can be, if lessons are learned, they can be a catalyst to create an effective and highly secure information security program.

In the book, she details numerous cases and shows how some firms dealt with them disastrously (Target), and others used effective incident response techniques (Home Depot) to come out relatively unscathed. This is an excellent guide to deal with the crisis of a data breach effectively.

Many organizations have long captured as much data as they can. In the last decade, storage prices have dropped significantly, especially with cloud storage. At the personal level, you can buy a 1TB thumb drive today for $29. With such a paradigm, there was no reason not to store as much data as you could.

But Davidoff sets the context early when she writes that data is a hazardous material. The more you have, the higher your risk of a data breach. And to effectively manage the risk, you have to understand the factors that contribute to the risk of a data breach.

The book provides a practical approach to understanding the data risks and avoiding being the victim of a data breach.

Davidoff writes that the biggest mistake of data breach management and response is the assumption that a data breach is an information security incident. But she writes that it is usually much more than that. A data breach is a crisis and must be treated accordingly. It is not just a matter of semantics. As she shows from the Target breach, the failure to treat it as a crisis resulted in Target being the poster child for how to not respond to an incident.

With that approach, the book does a superb job of creating the framework in which to prepare for the inevitable data breach. The book is heavy on concepts such as crisis preparation, communication plans, and more.

There is very little theory in the book and extensive use of real-world examples that the reader can use to craft their program. Massive data breach incidents from ChoicePoint, Target, Equifax, and more are dealt with in great detail.

In chapter 6, dealing with payment card breaches, she provides a good overview of how credit card payments work and how they are ripe for fraud. She also rails a bit on the PCI DSS standard, of which many of her complaints are valid. When detailing the costly multi-billion dollar rollout of EMV terminals some years ago, she notes that by not using the chip and PIN feature, which affords the highest security level, these rollouts primarily served to protect banks, and incur considerable risk on the part of the merchants.

Data breaches are inevitable. It is said that there are two types of companies: those that have had a data breach and those that don’t know they have had one yet.

In preparing for that inevitable, Data Breaches: Crisis and Opportunity is an invaluable guide to the history of some of the most significant data breaches, what you can do to ensure your firm does not become another statistic, and in the event it does happen, to minimize the damage of that breach.

Randy Carlson
34 reviews, 3 followers
February 9, 2020
Excellent. This book needs to be read by everyone in American Business and Government.