Data Breaches Exposed: Downs, Ups, and How to End Up Better Off

Why do some organizations emerge from a data breach unscathed, while others are badly damaged, or even collapse? How can you make smart choices to protect your organization before and after a data breach? This book exposes the high-octane world of data breach disclosure and response, where IT help desk staff have the power to save or destroy a company, and cutting-edge attorneys must often parachute in to save the day. You’ll watch as one of the world’s most experienced cybersecurity professionals dissects high-profile data breaches, reveals what happened, and reveals exactly what you can do to navigate a massive data breach -- quickly mitigating damage to your digital assets, finances, and organizational reputation.

Sherri Davidoff teaches through storytelling, making this book powerfully accessible and practically useful to everyone from the boardroom to the server closet. Along the way, she reveals what the press didn’t cover about attacks on ChoicePoint, TJ Maxx, Heartland, Target, Anthem, and many other leading organizations -- and presenting specific lessons you can start applying right now, regardless of your technical or business infrastructure.

Drawing on her immense personal experience with digital forensics, incident response, security awareness training, penetration testing, and web security assessment -- and her work teaching in venues from Black Hat to the Department of Defense -- Davidoff introduces today’s most comprehensive and practical framework for data breach response. You’ll discover:

• Critical turning points throughout data breach events, and how to respond to each of them
• How breach response lifecycles are changing: why classic incident response approaches are no longer sufficient, and what to do instead
• How internal politics can affect data breach response, and what to do about it
• How to read between the lines of public statements and notifications (or lack thereof)
• What you need to know about breaches in retail and other specific industries -- and the limitations of standards such as PCI/DSS
• How to protect against and recover from ransomware
• How to assess products and services such as Commercial Off-The-Shelf Breach Response, cybersecurity insurance, and crisis management services
• What you can do right now to make breach response less traumatic

為什麼有些組織在數據洩露事件中毫髮無傷，而其他組織則受到嚴重損害，甚至倒閉？在數據洩露事件之前和之後，您如何做出明智的選擇來保護組織？本書揭示了數據洩露披露和應對的高能量世界，其中IT幫助台人員有能力拯救或摧毀一家公司，尖端律師經常需要跳傘來拯救局面。您將目睹世界上最有經驗的網絡安全專家剖析知名數據洩露事件，揭示發生了什麼，並準確指出您可以採取的措施，以迅速減輕對您的數字資產、財務和組織聲譽的損害。

Sherri Davidoff通過故事講授，使本書對從會議室到伺服器機櫃的每個人都具有強大的可讀性和實用性。在此過程中，她揭示了媒體未報導的有關對ChoicePoint、TJ Maxx、Heartland、Target、Anthem和許多其他領先組織的攻擊的內幕，並提供具體的教訓，無論您的技術或業務基礎設施如何，您都可以立即開始應用。

借助她在數字取證、事件應對、安全意識培訓、滲透測試和網絡安全評估方面的豐富個人經驗，以及她在Black Hat到國防部等場合的教學工作，Davidoff介紹了當今最全面和實用的數據洩露應對框架。您將了解到：

- 數據洩露事件中的關鍵轉折點，以及如何對每個轉折點做出回應
- 數據洩露應對生命周期的變化：為什麼傳統的事件應對方法已不再足夠，以及應該做些什麼
- 內部政治如何影響數據洩露應對，以及應該如何應對
- 如何從公開聲明和通知（或其缺乏）中看出端倪
- 關於零售和其他特定行業的洩露事件需要了解的內容，以及PCI/DSS等標準的局限性
- 如何保護自己免受勒索軟件的侵害和恢復
- 如何評估商業現成的洩露應對產品和服務、網絡安全保險和危機管理服務
- 您現在可以做些什麼來使洩露應對更少受創傷