HackDig : Dig high-quality web security articles for hacker

Should it be Mandatory to have an Independent Security Audit after a Breach?, (Sat, Mar 7th)

2015-03-08 02:45

Security breaches seem to be the norm now. Home Depot, Target, Sony and JP Morgan Chase, to name a few, have in the recent past been victims of sophisticated system compromises which ultimately led to sensitive information being leaked into the open. It is difficult to tell how sophisticated the attack was, since we rarely ever see a report on how the attack took place and what could have been done to prevent it (remember the last step of incident response).

One of the latest victims is Anthem Inc., which may have been compromised as early as December 2014 over a period of several weeks. For those who have been victims of this attack, Anthem set up a website to sign up for Identity Theft Repair Credit Monitoring Services.

Coming back to my question: should it be mandatory to have an independent security audit performed against the affected systems after a severe breach? The report is made available to the victims to help them regain trust that their data is secure and, whenever necessary, is encrypted and protected. What do you think?

[1] https://www.anthem.com/health-insurance/home/overview
[2] https://www.anthemfacts.com
[3] http://www.oas.org/cyber/documents/IRM-5-Malicious-Network-Behaviour.pdf

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.


Source: isc.sans.edu/diary.html?storyid=19431&rss
