http://www.darkreading.com/database-security/167901020/security/news/240000521/delete-data-to-delete-risk.html

By Ericka Chickowski
Contributing Writer
Dark Reading
May 16, 2012

Earlier this month, a Missouri state senator led a filibuster to block the vote on the creation of a new prescription-tracking database within the state -- on the grounds that should a breach occur to expose this database, it would expose embarrassing information about citizens.

Though extreme, the event offers good evidence that awareness is growing both in the public and private sector that one of the best ways to protect sensitive and personally identifiable information (PII) from a breach is to eliminate its existence.

"Rule No. 1 in data-breach prevention is that they can't steal it if you don't have it," says Alan Brill, senior managing director of Kroll Advisory Solutions. "It would be a lot better if people remembered that one."

Obviously, protected identifiable information and other sensitive information fuels enterprise business today. And then there are certain classes of data that are required to be kept because of litigation or to maintain a legal hold for discovery issues, Brill explains. But beyond that, he believes organizations need to do a better job probing the necessity of retaining data -- particularly PII -- and making every effort to limit its stay on company databases.

"You have to start asking, 'What's the value of the data? What am I doing with it? Does it represent positive value? And who wants me to keep it?'" Brill says.

[...]

Received on Thu May 17 2012 - 01:04:38 PDT