There isn't a week that goes by where another breach of a major organization's IT infrastructure is not announced, along with a laundry list of items that may have been compromised , including credit card numbers, Personal Identifying Information (PII), Personal Health Information (PHI), Social Security Numbers (SSN) or a host of other private information.

Organizations face civil and sometimes criminal penalties depending on what has been disclosed and subject themselves to downstream liability issues, compliance and regulatory problems, notification issues and litigation. Assessing the damage and getting a handle on the scope of an attack and what, if anything, was compromised is of the utmost importance. Vestige has experience with a wide range of relevant regulatory initiatives such as HIPAA, GLBA, FERPA, PCI and state legislation such as California's HB 1386 "data breach disclosure law" as well as 38 other states with parallel laws.

How Vestige helps in Privacy Matters

• Perform network forensic analysis to confirm breach
• Assess scope of data breach to understand what, if any, data was compromised
• Assist client in understanding and evaluating what response needs to occur and should occur
• Evaluate, secure and harden system to ensure incident is stopped and future breaches are eliminated or made more difficult
• Work with the organization, law enforcement, regulators and other interested parties in attempting to pull back and/or regain control of compromised data
• Conduct comprehensive IT General Controls audit, Network Penetration testing, and Incident Response Readiness audits
• Perform continuous and/or periodic monitoring of IT control environment to ensure compliance