From: Infosecurity-Magazine.com

When Bruce Schneier suddenly left BT in December, he hinted that he would explain his future plans in the new year. On what was for most people the first working day of 2014 he did just that – Schneier is the new CTO of start-up firm Co3. He has reunited with John Bruce, formerly CMO at Counterpane (the company Schneier sold to BT) and now CEO at Co3.

Schneier describes good security as a combination of ‘protection, detection, and response,’ but believes that the last element is poorly served by the security industry.  “While there are many companies that offer services to aid in incident response – mitigation, forensics, recovery, compliance – there are no comprehensive products in this area,” he announced yesterday. “Well, almost none. Co3 Systems provides a coordination system for incident response…”

Incident response is of growing importance on both sides of the Atlantic. It is founded on two currently increasing premises: firstly that there is an inevitability about security incidents; and secondly that regulatory and legislative requirements on incident handling are becoming both more intrusive and more punitive. One aspect of the EU’s planned General Data Protection Regulation (GDPR), for example, is a 24-hour breach notification regime (already required for communications providers) backed up by sanctions based on worldwide turnover for breaches of the regulation.

Read Complete Article