It has become imperative for organizations to engage with law enforcement agencies in the wake of a data breach - and often even before a breach occurs, says Sapan Talwar, former IT security leader at Adobe and CEO of Aristi Ninja. "Trying to build a trust relationship with law enforcement agencies is important even if there isn't a breach," he says. "This is an important aspect because if we are tying up with them in some sense or the other prior to an incident, it will definitely help."
In an interview with Information Security Media Group, Talwar says although there aren't any hard and fast rules in India, companies should inform clients right after a breach has happened in case there is sensitive data to be shared with law enforcement agencies. "A company must first distinguish between a breach and an incident. Accordingly it can decide whether to approach the LEA or not," he says.
As a panelist at ISMG's Fraud and Breach Prevention Summit which is being organized on 9th August in Delhi, Talwar will share his experiences as a practitioner in tackling the security breaches and discuss the approach to effectively engage with LEAs and regulators.
In this interview (see audio link below the image), Talwar offers insights on:
- When should an organization engage with law enforcement agencies;
- Whether sharing sensitive information with LEAs is a must;
- What should be expected of LEAs and regulators.
Talwar brings more than 19 years of experience areas including IT risk management, information security, security compliance and governance. He has worked for global companies including Adobe, Aricent and Aon in leadership roles, with security services delivery responsibilities at country, regional and global level.