Venable's Managing Director of Cybersecurity Services, Ari Schwartz, was quoted in a January 9, 2017, Federal News Radio article on a recent Office of Management and Budget (OMB) memo addressing data breaches. The memo consolidates and updates four previous memos and instructs federal agencies to develop response plans for data breaches involving personally identifiable information within the next six months.
"The goal here is to organize and take the lessons we've learned over the last 10 years," said Schwartz. "Over the last 10 years since the breach at the Veterans Affairs Department, we learned a lot and there are things agencies have to do differently now than in the past and hopefully this will last longer than the last memos." He noted that previous guidance instructing agencies to report every incident led to confusion and inconsistent reporting.
"If agencies can respond quickly, then they can limit the damage from a breach," Schwartz added. "If you build an incident response plan and exercise it, you will know what you need to work on first. If you try to go through in alphabetical order, you will have problems. It becomes very clear what you’ve done right and what you are missing, and then you can prioritize what you need to do if you exercise your response plan. It's a risk management approach."