A decidedly up-beat Computerworld article identifies 5 significant security improvements that were spurred on, if not triggered, by the theft of a U.S Department of Veterans Affairs laptop and external hard drive containing personal data on 26.5 million vets and active-duty military personnel:
1. A greater focus on data encryption within government
2. Stronger breach notification guidelines within agencies
3. More attention to data retention, classification and minimization
4. Stronger remote access policies
5. More authority for agency CIOs
The piece is so positive in style, it almost smacks of wishful thinking or marketing spin but even if only partly true, these are all indeed worthwhile changes, especially if they are as widespread in US Government circles as the journalist says.
It is a shame, of course, that it took a massive security breach (ex facto rather than a priori risk analysis) to prompt the changes but nevertheless this is a good example of closing the circle on an incident.