[Dataloss] Harvard Business Review - Data Breach Case Study.
security curmudgeon
jericho at attrition.org
Tue Aug 28 16:06:57 UTC 2007
http://tinyurl.com/2q87md
HBR Case Study
Boss, I Think Someone Stole Our Customer Data
Flayton Electronics learns that the security of its customer data has been
compromised and faces tough decisions about what to do next.
by Eric McNulty
Brett Flayton, CEO of Flayton Electronics, stared intently at a troubling
memo on his desk from the firm's head of security. Running his hands
through his full head of barely graying hair, he looked not unlike his
father did when he established the first Flayton Cameras and Stereos 25
years ago.
The security situation had come to Brett's attention just before nine
o'clock the previous evening. On his way home from a vendor meeting, he had
been settling into an armchair in the airline lounge. He had barely opened
Electronics News when his mobile phone rang. It was Laurie Benson, vice
president for loss prevention.
"Brett, we have a problem. There might be a data breach." Laurie, a tough
but polished former Chicago police detective, had been responsible for
security at Flayton's for almost three years. She had an impressive record
of reducing store thefts while building productive relationships with
local schools, community groups, and law enforcement.
[..]
Sergei stiffened. "We meet about 75% or so of the PCI requirements. That's
better than average for retailers of our size." The response was defensive
but honest.
"How have we been able to get away with that?" Brett growled. He knew that
PCI compliance, which was mandated by all the major credit card companies,
required regular scans by an outside auditor to ensure that a company's
systems were working, with stiff penalties for failure.
"They don't scan us every day," Sergei demurred. "Compliance really is up to
us, to me, in the end."
[..]