<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<table class="backgroundTable" width="100%" bgcolor="#ffffff"
cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td valign="top" align="left">
<table cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="border-top: 0px solid rgb(51, 51, 51);
border-bottom: 0px solid rgb(255, 255, 255);
background-color: rgb(255, 255, 255);">
<center><a href=""><img id="editableImg1"
src="cid:part2.06030909.05010808@oplin.org"
title="OPLIN" alt="OPLIN 4Cast" align="middle"
border="0"></a></center>
</td>
</tr>
</tbody>
</table>
<table style="width: 763px; height: 877px;"
bgcolor="#ffffff" cellpadding="20" cellspacing="0">
<tbody>
<tr>
<td style="font-size: 12px; color: rgb(0, 0, 0);
line-height: 150%; font-family: trebuchet ms;"
valign="top"
background="http://www.oplin.org/4cast/wp-content/themes/4cast/images/kubrickbgwide.jpg"
bgcolor="#ffffff">
<p>
<span style="font-size: 20px; font-weight: bold;
color: rgb(0, 0, 0); font-family: arial;
line-height: 110%;">OPLIN 4Cast #286: Responding
to a breach</span><br>
<span style="font-size: 11px; font-weight: normal;
color: rgb(102, 102, 102); font-style: italic;
font-family: arial;">June 13th, 2012</span></p>
<p style="text-align: justify;font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://www.oplin.org/4cast/wp-content/uploads/2012/06/risk-fingerprint.png"><img
class="alignleft wp-image-2785"
title="fingerprint"
src="cid:part4.00010609.05080805@oplin.org"
alt="" width="79" height="97"></a>Last week's
revelation that millions of LinkedIn passwords had
been stolen was just the latest in a long line of
data breach stories. While public libraries don't
store millions of passwords or credit card
numbers, they do store a lot of patron data, and
things as mundane as people's street addresses are
beginning to be considered sensitive information
by some security experts. With luck, your library
ILS vendor has not made the same mistake that
LinkedIn made and stored sensitive user
information with relatively weak encryption. But
if the worst should happen and your library system
gets hacked, what's the best way to respond? Are
there lessons to be learned from the misfortune of
previous data breach victims?
</p>
<div> </div>
<ul style="text-align: left;">
<li style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://securitywatch.pcmag.com/social-networking/298920-dissecting-linkedin-s-response-to-the-password-breach">Dissecting
LinkedIn's response to the password breach</a>
(PC Magazine/Fahmida Y. Rashid) "'We are
contacting all members we believe could
potentially be affected, starting with those who
we believe are at the greatest risk. We have
already initiated the outreach,' a LinkedIn
spokesperson said in an email. She was unable to
provide any other details. I was very concerned
about LinkedIn's focus on members at 'greatest
risk.' How do they define this?"</li>
<li style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://www.networkworld.com/news/2012/011712-zappos-data-breach-254971.html">Zappos
data breach response a good idea or just panic
mode?</a> (Network World/Ellen Messmer)
"...online shoe and clothing retailer Zappos has
taken assertive steps, including compelling
customers to change passwords, plus temporarily
foregoing 800-number phone service in an effort
to redeploy customer-service representatives to
respond to customer email."</li>
<li style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://www.bankinfosecurity.com/interviews/heartland-ceo-on-breach-response-i-1531">Heartland
CEO on breach response</a> (BankInfo
Security/Tracy Kitten) "...[Bob Carr, CEO of
Heartland Payment Systems] says information
sharing is key, especially among other payments
processors. 'Don't minimize the impact,' Carr
says. 'Share information. ... The bad guys might
be in somebody else's system, so it is good for
everyone to communicate.' Although a great deal
has changed since 2009, when Heartland's breach
was exposed, Carr says open communications,
especially for publicly-traded companies, will
pay dividends in the long run."</li>
<li style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://www.informationweek.com/news/security/management/231700195">Data
breach response plans: Yours ready?</a>
(Information Week/Mathew J. Schwartz)
"Timing-wise, for example, don't assume that <a
href="http://www.informationweek.com/news/security/attacks/230800152">immediately
disclosing a breach</a> should be the first
step. 'I've seen organizations that totally
jumped the gun - We've got to do it - and they've
notified, but have no response mechanism in
place for the individuals who have been
affected, so it's adding insult to injury,'
Brian Lapidus, chief operating officer of Kroll
Fraud Solutions, tells me. 'We always tell our
clients that if they're going to notify about
the problem, say what the solution is at the
same time, and give them avenues to call or
contact you back.'"</li>
</ul>
<div style="text-align: left;"> </div>
<p style="text-align: left; font-size: 20px;
font-family: arial; line-height: 110%;"><small><strong><em>Breach
facts:</em></strong></small><br>
</p>
<div style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;">The three
breaches mentioned above affected: 6.5 million
LinkedIn users; 24 million Zappos customers; and
130 million Heartland credit card accounts.
[And one more fact: OPLIN's plan for <a
href="http://oplin.org/content/information-technology-security-management#Security_Incident_Response">Security
Incident Response</a> is included in our overall
Information Technology Security Management plan.]
</div>
<div style="text-align: left;"> </div>
</td>
</tr>
<tr>
<td style="background-color: rgb(255, 255, 255);" valign="top" width="760"
background="http://www.oplin.org/4cast/wp-content/themes/4cast/images/kubrickbgwide.jpg"><span
style="font-size: 10px; color: rgb(96, 96, 96);
line-height: 100%; font-family: verdana;">
<hr>
<div style="text-align: justify;">The <strong><em>OPLIN
4cast</em></strong>
is a weekly compilation of
recent headlines, topics, and trends that could
impact public
libraries. You can subscribe to it in a variety
of ways, such as: <br>
</div>
<div style="text-align: left;"> </div>
<ul>
<li style="text-align: justify;"><strong>RSS
feed.</strong>
You
can receive the OPLIN 4cast
via RSS feed by subscribing to the following
URL:
<a class="moz-txt-link-freetext" href="http://www.oplin.org/4cast/index.php/?feed=rss2">http://www.oplin.org/4cast/index.php/?feed=rss2</a>.
</li>
<li style="text-align: justify;"><strong>Live
Bookmark.</strong>
If you're using the Firefox
web browser, you can go to the 4cast website
(<a class="moz-txt-link-freetext" href="http://www.oplin.org/4cast/">http://www.oplin.org/4cast/</a>) and click on the
orange "radio wave" icon
on the right side of the address bar. In
Internet Explorer 7, click on
the same icon to view or subscribe to the
4cast RSS feed. </li>
<li style="text-align: justify;"><strong>E-mail.</strong>
You
can have the OPLIN 4cast
delivered via e-mail (&agrave; la OPLINlist and
OPLINtech) by subscribing to
the 4cast mailing list at
<a class="moz-txt-link-freetext" href="http://mail.oplin.org/mailman/listinfo/OPLIN4cast">http://mail.oplin.org/mailman/listinfo/OPLIN4cast</a>.
</li>
</ul>
</span> </td>
</tr>
<tr>
<td style="border-top: 0px solid rgb(255, 255, 255);
background-color: rgb(255, 255, 204);" valign="top"
width="760"
background="http://www.oplin.org/4cast/wp-content/themes/4cast/images/kubrickfooter.jpg">
<br>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<title>OPLIN 4Cast</title>
<style>
.headerTop { background-color:#FFFFFF; border-top:0px solid #000000; border-bottom:1px solid #FFFFFF; text-align:center; }
.adminText { font-size:16px; color:#0000FF; line-height:200%; font-family:verdana; text-decoration:none; }
.headerBar { background-color:#FFFFFF; border-top:0px solid #333333; border-bottom:0px solid #FFFFFF; }
.title { font-size:20px; font-weight:bold; color:#000000; font-family:arial; line-height:110%; }
.subTitle { font-size:11px; font-weight:normal; color:#000000; font-style:italic; font-family:arial; }
.defaultText { font-size:12px; color:#000000; line-height:150%; font-family:trebuchet ms; }
.footerRow { background-color:#FFFFCC; border-top:0px solid #FFFFFF; }
.footerText { font-size:10px; color:#996600; line-height:100%; font-family:verdana; }
a { color:#0000FF; }
</style>
</body>
</html>