Near-hits

It seems that several (most of?) the large privacy breaches have something in common: something smaller happened earlier that people didn’t pay enough attention to.

“Marriott’s Starwood Missed Chance to Detect Huge Data Breach Years Earlier, Cybersecurity Specialists Say,” The Wall Street Journal, December 2, 2018 (online).  There was a prior breach in 2015 that, some say, could have been investigated more thoroughly.

Might this happen in your business?  Say there’s a relatively minor breach, affecting a single client’s information.  Or a minor compliance issue.  You discover it and take action.  But does the breach itself indicate weaknesses in your system of controls that may have broader implications?  Do you change your training or other controls to reflect this experience, or the experience of others in your industry?

This brings to mind a common finding in accident investigations.  Something small happened that could/should have put you on notice.  But it was ignored or downplayed.

How does your organization deal with near-hits in the compliance or information governance space?  Is this part of oversight?  Or a part of effective knowledge management?

Advertisements

Leave a comment

Filed under Analytics, Collect, Compliance, Compliance (General), Controls, Corporation, Directors, Duty, Duty of Care, Governance, Information, Internal controls, IT, Knowledge Management, Management, Oversight, Privacy, Protect assets, Security, Third parties, Use

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s