Dissent Doe :cupofcoffee: on Nostr: Seriously: who decides what "best practice(s)" is/are for incident response? And how ...
Seriously: who decides what "best practice(s)" is/are for incident response? And how is that determination made?
A law professor reportedly informed a student news outlet it was “best practice” to limit information about a breach claimed by threat actors until there was information on the full scope of the breach and the network was secure.
“Institutions do not want to get into a drip situation where they notify people of a breach, then later learn the breach was worse than understood, and then have to give more and more notices,” he wrote.
So "best practice" is defined as what is most convenient or in the entity's best interests instead of in the best interests of those whose data were stolen? I can understand the wanting to secure the network part, but it is not acceptable in the World According to Dissent to delay disclosure of a breach until you know the full scope if data are already being leaked on the internet or appear to be at plausible risk of imminent misuse.
Calling delays like this "best practices" seems to confer some legitimacy on delays that I don't think are all legitimate reasons.
(Wanders off in search of coffee..)
npub1jahygzcn6e08fzlexp3zwx6wfn4erf2zmxay9jw4j6ctkv0c2qhsdm0scu (npub1jah…0scu) npub10k72v2h56j98750zjfuu92m206fh6p6latxmup869ym4espay6eqwplp63 (npub10k7…lp63) npub107pxlft5l6zfk7cf2427an0e2yh4ecd56tlr9eswhndflxwsdfzsgzfkuv (npub107p…fkuv) npub1zj46mlm94ekxxlc26xk3yyse9c89jd6hrf9q6ce34w045es6a86sqzfyjh (npub1zj4…fyjh) npub182alpzzyrmxjl9psczfucqmnzs3g3tn9m36rjcc9s4q8q38m2d7s5emc3v (npub182a…mc3v)
#databreach #incidentresponse #disclosure #bestpractices #excuses
A law professor reportedly informed a student news outlet it was “best practice” to limit information about a breach claimed by threat actors until there was information on the full scope of the breach and the network was secure.
“Institutions do not want to get into a drip situation where they notify people of a breach, then later learn the breach was worse than understood, and then have to give more and more notices,” he wrote.
So "best practice" is defined as what is most convenient or in the entity's best interests instead of in the best interests of those whose data were stolen? I can understand the wanting to secure the network part, but it is not acceptable in the World According to Dissent to delay disclosure of a breach until you know the full scope if data are already being leaked on the internet or appear to be at plausible risk of imminent misuse.
Calling delays like this "best practices" seems to confer some legitimacy on delays that I don't think are all legitimate reasons.
(Wanders off in search of coffee..)
npub1jahygzcn6e08fzlexp3zwx6wfn4erf2zmxay9jw4j6ctkv0c2qhsdm0scu (npub1jah…0scu) npub10k72v2h56j98750zjfuu92m206fh6p6latxmup869ym4espay6eqwplp63 (npub10k7…lp63) npub107pxlft5l6zfk7cf2427an0e2yh4ecd56tlr9eswhndflxwsdfzsgzfkuv (npub107p…fkuv) npub1zj46mlm94ekxxlc26xk3yyse9c89jd6hrf9q6ce34w045es6a86sqzfyjh (npub1zj4…fyjh) npub182alpzzyrmxjl9psczfucqmnzs3g3tn9m36rjcc9s4q8q38m2d7s5emc3v (npub182a…mc3v)
#databreach #incidentresponse #disclosure #bestpractices #excuses