Against a background of increasing security incidents, both in frequency and complexity, and where forthcoming European data protection legislation will place a 72-hour timeframe on regulatory reporting, which will oblige consumer notification ‘without undue delay’, the need for businesses to be able to managed security and privacy events grows ever bigger.
Add into that mix the fact that the European Court of Justice has struck down data retention rules for electronic communication providers, which is set to complicate organisations’ data retention policies and consequently, putting them in the position of possibly breaching response obligations.
This is the background to the decision of US-based Co3 Systems to launch its suite of Incident Response Management Systems into Europe. This branch of IT security is defined by the company as collaboration software that brings people, process, and technology together for a time of crisis. The company is led by a team of security entrepreneurs including security expert, Bruce Schneier, who is Chief Technology Officer.
Co3's Privacy Module was the first daily use and preparedness tool for privacy incidents, and the company claims it is now considered as the industry standard. It provides an automated way to ensure consistency and accountability—across teams, organisations and external stakeholders—in managing incidents that concern personally identifiable information (PII).
The Security Module extends the capability to manage response to security events such as malware infections, phishing-related compromise, Distributed Denial of Service (DDoS) attacks, device or Intellectual Property theft, and system intrusions.
Together, the Modules provide the most comprehensive solution to prepare, assess, manage and mitigate privacy breaches and security incidents.
The company has already signed up its first European customers without any formal announcement till now, and is aiming at being a driving force in the application of best practices in handling incident responses, which both need to evolve constantly and to be hard wired into organisations, to ensure that remediation and reporting is timely, compliant and technically effective.
“I have long advocated that good security is about the balance between prevention, detection and response,” Bruce Schneier, CTO at Co3 Systems. “Having one without the other makes no sense. What we’ve built is the first software to bring people and technology together to provide resilient response.”
Co3 Systems is now setting up a European channel programme, with cyber intelligence service provider, OpenSecure. being the first member appointed. explained:
“Quite simply, people need to know what to do when a cyber attack or breach happens,” said OpenSecure’s Managing Director, Garath Lauder. “So we think that there is real need, and a real opportunity. We are the first service provider in Europe to offer an automated, end to end remediation and reporting workflow.”