This article can also be found in the Premium Editorial Download "Information Security magazine: Security researchers on biometrics, insider threats, encryption and virtualization."
Download it now to read this article plus other related content.
Acquiring companies generally scout to get a basic idea of the systems and processes in place well before proceeding with an acquisition. In many cases, the acquisition steering committee--consisting of IT, business and compliance employees--knows how difficult the process will be, says Pollicove.
"Even though they're addressing many of the same customers, they'll sometimes do things in completely different ways," says Pollicove.
Any third-party organizations and consultants who worked with the acquired company must be carefully managed to prevent information leaks and breaches, says Claudiu Popa, president and CSO at data security vendor Informatica.
Employees on both sides must be aware of policies, procedures, standards and guidelines early on to ensure a smooth transition, says Popa. "Human resources departments must look for gaps in liability and responsibility that would represent a security failure.
"The risk to information assets during this time is increased by numerous factors such as different policies in effect, people, process inefficiencies, breakdowns in leadership and lax security controls," says Popa. "This kind of transitional period results in situations that can not only foster security breaches but, critically, make them more difficult to detect."
This was first published in November 2008