Estimating Damages

By Lisa Vaas  |  Posted 2004-09-02 Print this article Print

Another option is to sift out information that isnt accessed much and put it into a separate directory, thus giving yourself a lightweight directory thats available unencrypted. Manion suggested a scenario in which you have an LDAP directory available via a Web interface, connected via SSL (Secure Sockets Layer). Thats conceivably a decent amount of protection, with the database encrypted in the background. It matters what the architecture looks like, obviously, Manion says. A more general question is, How sensitive is the data, and who should access it? If its very, very sensitive, perhaps it doesnt belong in a globally available directory in the first place.
How can I estimate the damage done to my companys brand if I have to notify my customers of a data breach? People ask this when their goal is to assemble a business case for spending more money on securing customer data. Its a fair question to ask, but its tough to find recent studies on the topic. Im still searching, so if anybody knows of any good resources, please send them my way.
For insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog. Of course, it probably goes without saying that you should sit down with your finance department to get their input on this question. Talk to your marketing and/or sales department. Look at your companys history and at that of your competitors. Has your company in any way fumbled its reputation within the recent past? Have your competitors done so? If so, take a look at revenue figures preceding and following the fumble. Ask sales reps or marketing personnel what kinds of experiences they had with customers. Ask them how long it took to regain their footing. Extrapolate. Chances are, it wasnt a pretty sight. Ill let you know when I come up with a more specific formula, but in the meantime, tell your management that youd rather not find out firsthand. Write to me at Associate Editor Lisa Vaas has written about enterprise applications since 1997. Check out eWEEK.coms Database Center at for the latest database news, reviews and analysis.

Be sure to add our database news feed to your RSS newsreader or My Yahoo page

Lisa Vaas is News Editor/Operations for and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel