After my part 1 and part 2 posts on incident response and the last post on cloud computing security, a number of you requested I talk about risk assessments. Since it’s currently my favourite topic, I am more than happy to oblige... First, a few facts:
- Epsilon was breached in the first quarter of 2011. At the time, they built and hosted customer databases for 2,500 well-known brands and sent more than 40 billion emails a year on their behalf.
- Not long after, the Sony breach ended up compromising personally identifiable information for more than 100 million of its customers.
Obviously, for both organisations, customer information is a key asset...