What Does "One Hour" Mean for Incident Response?
Yesterday, 8 January 2014, was the 11th birthday of TaoSecurity Blog. Please check out my happy 10th birthday post if you want to know why I don't blog much! In brief: Twitter.

I just read a story which I thought required more than 140 characters of attention: OMB revising data breach reporting requirements by Jason Miller. It says in part:

GAO found OMB's requirement to submit information about data breaches to the DHS U.S. Computer Emergency Readiness Team (US-CERT) within an hour after discovering the breach is of little value...

"Officials at agencies and US-CERT generally agreed that the current requirement that PII-related incidents be reported within one hour may be difficult to meet and may not provide US-CERT with the best information," auditors wrote. "Specifically, officials at the Army, FDIC, FRB, FRTIB, and SEC indicated that it was difficult to prepare a meaningful report on a PII incident to US-CERT within the one-hour time frame requir...