Q

How can a CSO determine if a company has a data security problem?

In this SearchSecurity.com Q&A, security management expert Mike Rothman examines certain areas that a CSO should focus on, such as internal policy documents and penetration test results, to determine if a corporation has a data security breach problem.

What would a CSO look for in an annual report in order to isolate potential security problems? How can a CSO identify security problems in major corporations by looking at this or, say, a 10-K form?
The annual reports are legal documents. All information is considered a potential risk, which may or may not become a problem. Legally, companies get in hot water if something happens and the potential of it happening isn't disclosed. I've never seen an annual report specifically discuss what security controls are in place, since that would give attackers a map of someone's defenses. Considering that, I think the 10-K is the wrong place to look for information on security problems.

Though the intent of this question isn't clear, I recommend CSOs focus on internal policy documents, penetration test results and the like. Obviously, that information is not available to outsiders. When trying to determine if a company has had data breach problems in the past, one place to look is the Privacy Rights Clearinghouse's Chronology of Data Breaches. Finally, correlate IP addresses to reputation services to figure out if there are fundamental issues that are present within an organization.

For more information:

  • In this SearchSecurity.com Q&A, security management expert Mike Rothman describes how protecting data and systems is a collaborative effort.
  • Security expert Shon Harris explains the essential elements behind deploying a successful security governance program.
  • This was first published in June 2007
