Data Breaches: Crisis and Opportunity, 1st edition

Published by Addison-Wesley Professional (October 16, 2019) © 2020

  • Sherri Davidoff

eTextbook

$42.99

  • Available for purchase from all major ebook resellers, including InformIT.com.
  • To request a review copy, click on the "Request a Review Copy" button.
$35.99

  • A print text (hardcover or paperback) 
  • Free shipping
  • Also available for purchase as an ebook from all major ebook resellers, including InformIT.com

Why do some organizations emerge from a data breach unscathed, while others are badly damaged, or even collapse? How can you make smart choices to protect your organization before and after a data breach? This book exposes the high-octane world of data breach disclosure and response, where IT help desk staff have the power to save or destroy a company, and cutting-edge attorneys must often parachute in to save the day. You’ll watch as one of the world’s most experienced cybersecurity professionals dissects high-profile data breaches, reveals what happened, and reveals exactly what you can do to navigate a massive data breach -- quickly mitigating damage to your digital assets, finances, and organizational reputation.

Sherri Davidoff teaches through storytelling, making this book powerfully accessible and practically useful to everyone from the boardroom to the server closet. Along the way, she reveals what the press didn’t cover about attacks on ChoicePoint, TJ Maxx, Heartland, Target, Anthem, and many other leading organizations -- and presenting specific lessons you can start applying right now, regardless of your technical or business infrastructure.

Drawing on her immense personal experience with digital forensics, incident response, security awareness training, penetration testing, and web security assessment -- and her work teaching in venues from Black Hat to the Department of Defense -- Davidoff introduces today’s most comprehensive and practical framework for data breach response. You’ll discover:

  • Critical turning points throughout data breach events, and how to respond to each of them
  • How breach response lifecycles are changing: why classic incident response approaches are no longer sufficient, and what to do instead
  • How internal politics can affect data breach response, and what to do about it
  • How to read between the lines of public statements and notifications (or lack thereof)
  • What you need to know about breaches in retail and other specific industries -- and the limitations of standards such as PCI/DSS
  • How to protect against and recover from ransomware
  • How to assess products and services such as Commercial Off-The-Shelf Breach Response, cybersecurity insurance, and crisis management services
  • What you can do right now to make breach response less traumatic
  • An insider’s guide offering a new, systematic, and practical framework for data breach response: finally, an accessible, comprehensive playbook for what to do when
  • Built around in-depth and highly-specific case studies: what really happened at ChoicePoint, TJ Maxx, Heartland, Target, Anthem, Sony, Children's Hospital Boston, and more
  • Identifies critical decision points in high-profile data breaches, and explores the risks and benefits of the choices that were made at the time
  • Written by the hacker featured in the bestseller 'Breaking and Entering: The Extraordinary Story of a Hacker Called "Alien"

What is a VitalSource eTextbook?

The full text downloaded to your computer.

With VitalSource eTextbooks you can:

  • search for key concepts, words and phrases
  • make highlights and notes as you study
  • share your notes with friends

eTextbooks are downloaded to your computer and accessible either offline through the Bookshelf (available as a free download), available online and also via the iPad and Android apps.

Upon purchase, you'll gain instant access.

Preface xvii
Acknowledgments xxiii
About the Author xxv


Chapter 1: Dark Matters 1
1.1 Dark Breaches 3
1.2 Skewed Statistics 13
1.3 Why Report? 18
1.4 What’s Left Unsaid 20

Chapter 2: Hazardous Material 23
2.1 Data Is the New Oil 30
2.2 The Five Data Breach Risk Factors 33
2.3 The Demand for Data 34
2.4 Anonymization and Renonymization 41
2.5 Follow the Data 44
2.6 Reducing Risk 51
2.7 Conclusion 54

Chapter 3: Crisis Management 55
3.1 Crisis and Opportunity 57
3.2 Crisis Communications, or Communications Crisis? 60
3.3 Equifax 70
3.4 Conclusion 75

Chapter 4: Managing DRAMA 77
4.1 The Birth of Data Breaches 79
4.2 A Smoldering Crisis 81
4.3 Prodromal Phase 85
4.4 Acute Phase 94
4.5 Reducing Harm 98
4.6 Chronic Phase 108
4.7 Resolution Phase 111
4.8 Before a Breach 114
4.9 Conclusion 117

Chapter 5: Stolen Data 119
5.1 Leveraging Breached Data 121
5.2 Fraud 121
5.3 Sale 123
5.4 The Goods 135
5.5 Conclusion 141

Chapter 6: Payment Card Breaches 143
6.1 The Greatest Payment Card Scam of All 144
6.2 Impact of a Breach 146
6.3 Placing Blame 150
6.4 Self-Regulation 153
6.5 TJX Breach 160
6.6 The Heartland Breach 167
6.7 PCI and Data Breach Investigations 171
6.8 Conclusion 174

Chapter 7: Retailgeddon 177
7.1 Accident Analysis 179
7.2 An Ounce of Prevention 191
7.3 Target’s Response 199
7.4 Ripple Effects 223
7.5 Chip and Scam 227
7.6 Legislation and Standards 236
7.7 Conclusion 237

Chapter 8: Supply Chain Risks 239
8.1 Service Provider Access 242
8.2 Technology Supply-Chain Risks 245
8.3 Cyber Arsenals 252
8.4 Conclusion 254

Chapter 9: Health Data Breaches 257
9.1 The Public vs. the Patient 258
9.2 Bulls-Eye on Healthcare 260
9.3 HIPAA: Momentous and Flawed 263
9.4 Escape from HIPAA 274
9.5 Health Breach Epidemic 279
9.6 After a Breach 295
9.7 Conclusion 300

Chapter 10: Exposure and Weaponization 303
10.1 Exposure Breaches 305
10.2 Response 310
10.3 MegaLeaks 323
10.4 Conclusion 336

Chapter 11: Extortion 337
11.1 Epidemic 339
11.2 Denial Extortion 340
11.3 Exposure Extortion 348
11.4 Faux Extortion 356
11.5 Conclusion 357

Chapter 12: Cyber Insurance 359
12.1 Growth of Cyber Insurance 361
12.2 Industry Challenges 361
12.3 Types of Coverage 362
12.4 Commercial Off-the-Shelf Breach Response 364
12.5 How to Pick the Right Cyber Insurance 367
12.6 Leverage Your Cyber Insurance 386
12.7 Conclusion 388

Chapter 13: Cloud Breaches 389
13.1 Risks of the Cloud 393
13.2 Visibility 400
13.3 Intercepted 409
13.4 Conclusion 413

Afterword 415

Index 417
Sherri Davidoff is a cybersecurity expert, author, speaker, and CEO of both LMG Security and BrightWise, Inc. She is a recognized expert in digital forensics and cybersecurity, and is coauthor of Network Forensics: Tracking Hackers Through Cyberspace (Prentice Hall, 2012). Sherri has consulted and/or conducted cybersecurity training for many distinguished organizations, including the Department of Defense, the American Bar Association, FFIEC/FDIC, and many more. She is a faculty member at the Pacific Coast Banking School, and is a frequent contributor of education articles and webinars. She is a GIAC-certified forensic examiner (GCFA) and penetration tester (GPEN), and holds a degree in computer science and electrical engineering from MIT.

Need help? Get in touch

Video
Play
Privacy and cookies
By watching, you agree Pearson can share your viewership data for marketing and analytics for one year, revocable upon changing cookie preferences. Disabling cookies may affect video functionality. More info...

Pearson eTextbook: What’s on the inside just might surprise you

They say you can’t judge a book by its cover. It’s the same with your students. Meet each one right where they are with an engaging, interactive, personalized learning experience that goes beyond the textbook to fit any schedule, any budget, and any lifestyle.Â