Site Menu

What’s the value of a laptop?

By Jim Hietala
Published 02/2/2009

The obvious answer is it depends. It might be $1,500 if it’s a nice new laptop with no data on it. News last week on the VA security breach from a couple of years ago sets a new upper bound on the value at $20M, which is the cost to settle a class action suit related to their “lost laptop” breach.

I see this development as sort of a second wave of external factors that will influence how seriously senior management considers information security. The first wave was all the security breach notification laws that force disclosure, and that have caused all of the publicity around them. No one in senior management wants to be the next TJX, Hannaford, or Heartland.

My hypothesis for a while now has been that we would see big class action lawsuits as a result of some of the breaches of the past few years, and the VA settlement is evidence that there can be huge financial impacts as a result of these breaches and the class action lawsuits. In the VA suit, I don’t believe they even proved any direct identity theft related to the breach. Money talks…and the class action legal community will likely move rapidly towards this opportunity. A class action lawsuit has already been filed in the Heartland breach as well.

Jim

Jim Hietala

Jim Hietala, CISSP, GSEC, is Research Director and a principal of Compliance Research Group, providing research, analysis, and consulting services in the areas of compliance, risk management, and IT security. He is also the Vice President, Security for The Open Group, where he manages all security and risk management programs and standards activities.

Jim has provided research and consulting services to organizations such as SANS, The Open Group, and a number of IT security and compliance vendors. He is a frequent speaker at industry conferences, and he recently authored a comprehensive course on IT risk management. He participates in the SANS Analyst/Expert program, having written several research whitepapers and participated in several webcasts for SANS. He has also published numerous articles on information security, risk management, and compliance topics in publications including The ISSA Journal, Bank Accounting & Finance, Risk Factor, SC Magazine, and others.

An industry veteran, he has held leadership roles at ControlPath, Avail Networks, Alternative Technologies, eSoft, Qwest, Concentric Network, and Digital Pathways. He developed and launched the industry’s first remote access VPN service (Concentric RemoteLink) and encrypting ISDN router (at Network Express), and launched a compliance and risk management software start-up in the IT-GRC market.

He holds a B.S. in Marketing from Southern Illinois University.

Blog: www.compliancefocus.com

Twitter: http://twitter.com/jim_hietala

LinkedIn: http://www.linkedin.com/in/jimhietala

Blogging focus: Compliance, Risk Management, IT Security, IT-GRC software, HIPAA, GLBA, Privacy

Jim can be reached at: jim@compliancefocus.com