Co3 Systems offers customers a cloud-based Co3 portal ($5,000 for annual subscription) to help businesses calculate the ramifications of a successful security incident (a data breach, a cyber-attack, or even just a lost laptop) and develop appropriate incident plans long before the event occurs. As recent data breaches, such as the massive one at Global Payments, have shown, businesses have to think about and plan what they will do in the event of a data breach long before it actually happens.
Considering that many of the state regulations and federal compliance requirements require that companies suffering a breach respond quickly, there really isn't time to figure out what to do and then execute the plan. In fact, spending those critical first few days deciding what to do next after data has been exposed can wind up being tremendously expensive for the company.
The cloud-based incident recovery analysis tool from Co3 Systems helps businesses face the worst-case scenario. External attackers have breached the network and wandered off with a sensitive customer database. The top sales guy copied a client list onto his laptop before leaving for a roadshow, and lost the computer and all the data at the airport. A disgruntled executive has copied a customer mailing list onto a USB drive and quit the company.
What Co3 Does
Co3 takes these incidents, and other similar scenarios, and analyzes the important details to figure out whether any state laws or federal regulations apply, and what needs to be done so that the business doesn't incur regulatory fines. The application also calculates a total cost of what happens if the business doesn't take those steps in the aftermath of a security incident.
Since it's software-as-a-service, Co3 Systems can easily update its software to maintain the most up-to-date rules about state laws and compliance requirements. Businesses don't have to maintain the list, or remember to update the rules every so often. When they log on to the platform, they know they always have access to the latest information. Businesses, focused on preventing data breaches and leaks, often forget to plan for technology and process failures.
For some businesses, shelling out $5,000 (or more) for an annual subscription might seem high, but this is the perfect example of how one should spend money now to save money later. Data breaches themselves are costly. Considering that the Ponemon Institute pegs the total organizational cost of a data breach at $5.5 million, which includes legal liabilities, impaired productivity, and other losses, spending in the neighborhood of $5,000 to reduce the legal liabilities sounds like a bargain. I created an incident report for the Global Payments breach, and saw that despite affecting a "limited" number of MasterCard and Visa users, the payment processor faced over $1 million in potential fines.
Events Vs. Incidents
Co3 differentiates between an event and an incident. Events are things that have already happened, such as someone losing a laptop. Incidents are a bit more serious, as they refer to scenarios that could happen. If that lost laptop had sensitive personal identifying information that wasn't encrypted, then someone finding it could become an incident. Businesses would list events in the application, keeping track of everything that is happening.
When one of the events develops into an incident, the business can generate an incident response plan and get started on each of the checklist items. Co3 treats events and incidents differently in the interface, but it's not always clear when to draw that line within the application, and it took me some time to get used to making that distinction.
The platform also allows the business to develop simulations to create what-if scenarios to see what could possibly happen in the case of an incident. It is also possible to create privacy impact assessments and risk assessments as part of risk planning.
Patchwork of Regulations
The platform draws on a constantly updated database of requirements from 46 states, three commonwealths, and 14 federal agencies when creating the action list. Businesses have difficulty navigating the various requirements, some of which are more stringent than others. The deadlines for breach notification also vary wildly. Maine, for example, requires organizations to notify the affected customer within seven days of discovering the incident. Other states are more generous, giving a few weeks or several months of time.
The kind of information that has to be disclosed, and the type of language used in the notification letter, also vary by state. Co3 presents templates and necessary forms to simplify the entire process.