My central Iowa Infragard president, Tom Conley sent all our members a note on Wednesday with a link to a site that contains 9 variables to help demonstrate the range of financial impact to organizations that experience an incident involving personally identifiable information (PII).
The variables are actually a subset of a privacy breach impact calculator I created a few years ago that includes these costs and more. You can see an abbreviated version of it, which contains 21 variables, here.
I’ve used the full version of the calculator, which contains 36 variables, with great impact when speaking to business leaders about the need to implement safeguards. It is especially powerful when talking with CFOs…who usually control to a great degree the information security budget!
It is on my to-do list to update the calculator in 2008.
However, even if you don’t want to get the full version, I know the abbreviated version has been used by many organizations to help their business leaders see the realistic potential impacts of a privacy breach in terms they can understand and better appreciate than just hearing technical jargon.
A note about my breach calculator site, it is important for you to change the values that are pre-filled in the variable fields to values that are appropriate to *YOUR* organization. The numbers that you see when you first get to the site are merely place-holders. I had wanted to put all 0’s in the fields as the starting values, more like a regular calculator, but my publisher wanted to pre-fill the fields to show a scenario right off the bat when you go to the site.
If you have any comments or suggestions regarding my calculator, please let me know!
Tags: awareness and training, Information Security, IT compliance, policies and procedures, privacy, privacy breach, privacy incident, privacy management toolkit, risk management, security risk, security training