Presentation Material
AI Generated Summarymay contain errors
The speaker, an expert in content summarization, shares their opinion on the importance of reporting and disclosing data breaches. They emphasize that a bi-directional information flow is crucial between the breached entity and authorities, such as CERT, to ensure that the necessary parties are informed.
The speaker cites the example of Heathrow Airport, where a security-conscious individual found a USB drive containing private customer data and reported it to the police, who then notified the central authority. This led to a fine being imposed on Heathrow Airport. The speaker praises this incident as an example of correct infrastructure for reporting breaches.
They highlight three essential components for effective breach reporting: incentive (reporting should be rewarded or recognized), informed (central authorities should be notified), and impact (those responsible for the breach should face consequences). The speaker believes that more breaches and disclosures are necessary for the evolution of cybersecurity, citing an analogy about a baby stopping crying when picked up by its mother as an example of how we learn from our experiences.
In conclusion, the speaker emphasizes the importance of doing what is right for the organization, industry, and country in terms of cybersecurity, rather than trying to please others. They quote Martin Luther King Jr.’s saying that everyone should do their job well, regardless of its nature or significance.