Take a look at Case Project 7-6: Community Site Activity. You do not need to
log on to the Information Security Community site to complete this assignment.
Read through the narrative regarding Vendor A and Vendor B, then answer the
questions. Provide examples to support your answers. You might also find
guidelines for a suggested timeline, and cases where penalties were applied for
non-compliance. You might do a little research and determine if there are
regulations regarding disclosure for different industries, such as health
care. No more than two pages.

Vendor A was successfully attacked on Monday night and personal customer
information was compromised. The next day, Vendor A sent an e-mail to its
customers that it was the victim of a successful attack that occurred recently
in which certain information was stolen. Vendor A did not detail what
information was stolen, what direct impact it may have on its customers, or
what customers should do about it, other than some generic statements. Vendor B
was also successfully attacked on Monday night. However, Vendor B waited 10 days
before revealing the attack to its customers, but they included detailed
information about the attack, its consequences, and how customers could protect
themselves. In both cases, clear and immediate information was not distributed.
Should vendors be obligated to inform customers when attacks occur and how to
protect ourselves? What should be the time line for doing so? What should be
the penalties if vendors do not follow such guidelines?