Data Breaches: Crisis and Opportunity 1st Edition

First and foremost, if you are interested in learning more about data breaches and how to deal with them, this book is worth your time and money. Inside your first 100 pages you'll receive a thorough understanding of the type of situation a data breach presents, the full ramifications of a quality/poor execution of a breach response, and how you approach a crisis response program/plan of your own. It thoroughly covers how you can set yourself up for success in dealing with these situations in an easily digestible way with excellent commentary and citations. That value alone is worth the purchase in my opinion. It later goes on to walk through specific data breach types and dives deep into the real world examples you've seen in the news. The book is well written, flows well, and makes it easy to keep turning the page. If you're in a position where you need to plan for, influence, or respond to a data breach incident, this is worth it. Great Job to Sherri and her team for delivering this expert knowledge and making it grounded/reinforced with additional material, citations, and value for the reader.

There has not been a definitive source of information and advice about data breaches until now. Essential facts and best practices are combined with case studies that make the book captivating and informative. Should be required reading not only for cybersecurity professionals but even more for business leaders who own the risk of data.

A comprehensive volume on data breaches. Covers both the history and the different areas impacted by the most significant problem domain in information security today. It also provides guidance for how to minimize the possibility of a data breach event, and how to minimize the impact if it does. Do yourself a favor and buy this book (for yourself and your organization).

Absolutely the generally right approach to making interesting and relevant cyber security — but the author shows a lack of focus and the editor reveals an inability to remedy that or make it a priority.Still I recommend it — and here’s hoping to a quick and improved second edition.

I like this book so much that I purchased the paperback and Kindle version.

When hearing the term opportunity when dealing with data breaches, many people would think that it is only lawyers who benefit in such a situation. But in Data Breaches: Crisis and Opportunity, author Sherri Davidoff writes that as devastating as a massive data breach can be if lessons are learned, they can be a catalyst to create an effective and highly secure information security program.In the book, she details numerous cases and shows how some firms dealt with them disastrously (Target), and others used effective incident response techniques (Home Depot) to come out relatively unscathed. This is an excellent guide to deal with the crisis of a data breach effectively.For many organizations, they have long captured as much data as they can. In the last decade, as storage prices have dropped significantly, especially with cloud storage. At the personal level, you can buy a 1TB thumb drive today for $29. With such a paradigm, there was no reason not to store as much data as you could.But Davidoff sets the context early when she writes that data is a hazardous material. The more you have, the higher your risk of a data breach. And to effectively manage the risk., you have to understand the factors that contribute to the risk of a data breach.The book provides a practical approach to understanding the data risks and avoiding being the victim of a data breach.Davidoff writes that the biggest mistake of data breach management and response is the assumption that a data breach is an information security incident. But she writes that it is usually much more than that. A data breach is a crisis and must be treated accordingly. It is not just a matter of semantics. As she shows from the Target breach, the failure to treat it as a crisis resulted in Target being the poster child for how to not respond to an incident.With that approach, the book does a superb job of creating the framework in which to prepare for the inevitable data breach. The book is heavy on concepts such as crisis preparation, communication plans, and more.There is very little theory in the book and extensive use of real-world examples that the reader can use to craft their program. Massive data breach incidents from ChoicePoint, Target, Equifax, and more are dealt with in great detail.In chapter 6, dealing with payment card breaches, she provides a good overview of how credit card payments work and how they are ripe for fraud. She also rails a bit on the PCI DSS standard, of which many of her complaints are valid. When detailing the costly multi-billion dollar rollout of EMV terminals some years ago, she notes that by not using the chip and PIN feature, which affords the highest security level, these rollouts primarily served to protect banks, and incur considerable risk on the part of the merchants.Data breaches are inventible. It is said that there are two types of companies: those that have had a data breach and those that don’t know they have had one yet.In preparing for that inventible, Data Breaches: Crisis and Opportunity is an invaluable guide to the history of some of the most significant data breaches, what you can do to ensure your firm does not become another statistic, and in the event it does happen, to minimize the damage of that breach.

This is the gold standard. Well written, comprehensive. I refer to it daily. Extremely useful book. Tips throughout are insightful.