This article is the third in a four-part series describing some of the challenges to conducting breach investigations in response to increasingly sophisticated attacks. In Part 1, entitled “Right-Sizing the Data Breach Investigation,” published in Law360 on March 26, 2013, we provided an overview of the evolving advanced cyber threat landscape and the three common breach response scenarios (internal investigations to fix technical problems, investigation to assess payment card exposure and investigations to determine compliance with state data breach notification statutes). In Part 2, entitled “Understanding the Role of the PFI in Payment Card Breaches,” published in Law360 on April 19, 2013, we took a closer look at responses involving payment card breaches—both because of their unique nature and their potentially grave implications. This Part 3, published in Law360 on July 16, 2013, discusses both the need, and the underlying framework, for conducting an “enterprise impact” investigation in appropriate circumstances.
Please click the following link for a full version of “Conducting Enterprise Impact Investigations.”