Source: [id: 41018; name: CSO; isActive: true; siteId: 3] -- CSO -- $content.altguid

Breach Disclosure: Engaging the Enemy

When does preemptive breach disclosure make sense?

By

February 01, 2004CSO — You've made a big arrest. You've uncovered hostile activity before any damage was done. Is it ever wise to take a preemptive approach to disclosure, to brag to the world of the virtues of your crack security team?

The short answer is no, no, never and no. Security experts unanimously agree that it's never a good idea to release security news, happy or not, unbidden. But there is one clear exception: If the press is going to find out come hell or high water.

Last September, a former Guantanamo Bay translator was arrested at Logan International Airport in Boston with hundreds of CDs of allegedly classified information in his luggage. That same day, Massport Director of Corporate Security Dennis Treece informed his director of media relations, José Juves, that the man had applied for a job at Logan Airport in the days immediately following Sept. 11, 2001.

Rather than have that fact dribble out later and overshadow the good news of the successful arrest, Juves took the news to the media himself. "That way, we were able to get ahead of the story and to put it in context," he says. "If it came out two or three days later, the emphasis would be on how Massport reacted, rather than on the arrest itself."

And it's always best, Juves says, to try to contain coverage to as few news cycles as possible. "When people see several stories on the same incident out there on successive days, even if it's positive, it starts to erode their confidence. As much as possible, we try to have all the information out there at the same time."

Read more about data protection in CSOonline's Data Protection section.

Other stories by Tracy Mayor

RESOURCE CENTER