[Dataloss] follow-up on the May 2006 VA dataloss
Henry Brown
hbrown at knology.net
Tue Apr 22 19:49:12 UTC 2008
http://www.gsnmagazine.com/cms/features/columns/682.html
VA’s proactive solution for data breach analysis
By Adair Martinez
Adair Martinez is Deputy Assistant Secretary for Information Protection
& Risk Management at the U.S. Department of Veterans Affairs.
Following the May 2006 incident involving the theft of a U.S. Department
of Veterans Affairs (VA) laptop computer, it was clear that we had a
need for a formal process for evaluating and responding to data breach
incidents. Using BMC Software’s development tool, the VA has built an
infrastructure to document privacy and security incidents via the
enterprise deployment of applications such as the PVTS (Privacy Tracking
System) and VA-NSOC (VA Network Security Operations Center).
The lack of a formalized, quantifiable risk evaluation of incidents was
not efficient. We did not have a system that prioritized, maximized or
optimized VA resources in response to data breach incidents. In
addition, communication channels between the local information security
officer and privacy officer, NSOC and the national level were not well
defined. The lack of a risk assessment process and incident handling
coordination potentially reduced the timeliness and effectiveness of
response actions by the VA. In 2006, the VA began the process of
developing a formal process to conduct risk assessments of privacy and
security incidents that involve potential data breaches.
[...]
More information about the Dataloss
mailing list