ENISA Studies Data Breach Notification Rules
by iClass - Wednesday, January 19, 2011
As data breach incidents may have severe implications on the privacy, credit situation and reputation of the affected parties, organizations are required to abide by the notification rules issued by regulatory authorities.
However, data breach notifications may also have adverse implications on the reputation of an organization. Usually, professionals with IT security certifications investigate the causes of the breach and initiate remedial measures before notifying the stakeholders. The European Network and Information Security Agency (ENISA) recently conducted a study to understand the concerns of telecom companies and data protection authorities in adhering to an ePrivacy directive of the European Parliament and the Council of the European Union. The study assumes significance in light of the recent data breach incidents at telecom companies.
The concerns of telecom companies and data protection authorities relate to lack of risk prioritization, mode of communication, reporting deadlines and notification content, among others. Prioritizing risk is crucial to devoting adequate resources and initiating appropriate measures. Companies expressed concern about the possible adverse impact on their reputation of complying with data breach notification rules. While regulatory authorities stipulate shorter deadlines for data breach notifications, companies advocate initiating mitigating measures before reporting data breach incidents.
Lack of awareness among customers may cause undue alarm and panic. Notification content assumes high significance in this context. Regulatory authorities and telecom companies must jointly undertake online computer training programs to create awareness of the possible threats, their likely implications, and the preventive and remedial measures to be adopted by customers.
ENISA studied the best practices and experiences of other industries to understand preventive and corrective measures to be adopted in dealing with data breach incidents. The study attempted to understand the various perspectives of notification management within and outside the industry. The study may help regulatory authorities in coming up with acceptable and effective notification rules. ENISA also plans to conduct a workshop for sharing ideas on data breach notifications.
Telecom companies, at their end, must conduct regular security appraisals through security specialists such as ethical hacker certified professionals to understand the possible threat vectors and initiate preventive action. They must also encourage safe IT practices among employees to promote an IT-security-conscious culture in the organization and reduce data breach incidents.
EC-Council provides industry training and certification for information security professionals in ethical hacking among many other specializations. “Understanding how hackers exploit these vulnerabilities is a key requirement to hardening software and hardware. That is why EC-Council focuses on ethical hacking as an approach to information security evaluation” as stated by EC-Council’s Senior Director, Steven Graham. EC-Council through its Certified Ethical Hacker program has trained such information security professionals from all over the world.
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted security conferences. The global organization is headquartered in Albuquerque, New Mexico.
6330 Riverside Plaza Ln NW
Albuquerque, NM 87120