Group items tagged

IT security typically has been deemed one of those services best provided in-house. But the stigma attached to outsourcing security and Security as a Service -- namely that an outsider does not know your company well enough to protect it -- may be falling away, as businesses look for more ways to cut costs. Certainly, some heavy-hitter providers believe attitudes are changing. This month, McAfee Inc. announced its new SaaS Security Business Unit. Headed by former Hewlett-Packard Co. SaaS executive Marc Olesen, the unit will oversee all McAfee products delivered over the Internet, including security scanning services, Web and email security services and remote managed host-based security software and hardware. Meanwhile, last April, IBM launched some hosted and managed services that it says help midsized businesses better manage risk and improve the security of their IT systems, all while offering cost savings over traditional products. Indeed, much of IBM's security strategy during the next 24 months will focus on moving security technologies into the cloud and expanding its managed services offerings, said Jason Hilling, an enterprise services business line executive with IBM Internet Security Systems. That includes providing some hosted implementations of technologies that once were located only at the customer premises. "Because the economy is struggling, I think there will be enough excitement in the marketplace over the cost benefits of Security as a Service that we are going to see a much higher degree of willingness to look at it as a real viable option," Hilling said. Hilling contended that a midmarket company with between 500 and 700 employees can realize costs savings from 35% to upwards of 60% by doing security as a managed service. Savings diminish as the deployment gets larger and more complicated, and the costs of managed services escalate. Yet outsourcing security is not just about cost. The world is becoming very hostile, said Sadik Al-Abdulla,

A disconnect exists between federal government CIOs, CISOs and IT hiring managers and the human resources professionals charged with finding qualified candidates with cybersecurity skills, according to a just-published report. The report, Cyber In-Security: Strengthening the Federal Cybersecurity Workforce from the Partnership for Public Service, concludes that IT managers are less satisfied than their HR counterparts with the quality of cybersecurity recruits and the time it takes to hire IT security personnel. "The human capital management process is broken; operations and HR people should be joined at the hip and collaborate across the government," the report quotes Norman Lorentz, former chief technology officer at the White House Office of Management and Budget. Indeed, one third of chief information officers, chief information security officers and IT hiring managers surveyed for the report expressed unhappiness with candidate quality vs. 10 percent for HR managers. Sixty-one percent of HR managers vs. 40 percent of IT managers expressed satisfaction with candidate quality (see chart).

"In light of a spike in identity theft and the frequency with which personal information is stored on portable devices, the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA) have expanded Generally Accepted Privacy Principles (GAPP) to include protocols for securing and disposing of personal information. "Safeguarding personal information is one of the most challenging responsibilities facing an organization, whether such information pertains to employees or customers," said Everett C. Johnson, CPA, chair of AICPA/CICA Privacy Task Force and a past international president of ISACA, a global information technology association. "We've updated the criteria of our privacy principles to minimize the risks to personal information." GAPP offers guidance and best practices on securing portable devices, breach management and ensuring continued effectiveness of privacy controls. The guidance additionally covers disposal and destruction of personal information. The principles are designed for chief privacy officers, executive management, compliance officers, legal counsel, CPAs and CAs offering technology advisory services. "Portable tools such as laptops and memory sticks provide convenience to employees but appropriate measures must be put in place to secure them and the data they contain," said Donald Sheehy, CA.CISA, CIPP/C, associate partner with Deloitte (Canada) and a member of the AICPA/CICA Privacy Task Force. "We must stay abreast of technological advances to assure that proper measures are put into place to defend against any new threats." Created by the AICPA/CICA Privacy Task Force, GAPP is designed to help an organization's management team assess an existing privacy program or address privacy obligations and risks. The principles provide a framework for CPAs and CAs to offer privacy services to their clients and employers, such as advisory services, privacy risk assessments and attestation or

"Knowledge is the currency of the future," says Sidney Pearl, Global Director of Enterprise Security Solution management for the Unisys Global Financial Services business. And according to the latest Unisys Security Index, Americans are getting much smarter - and more demanding - about the basic information security they expect from government and businesses. In an exclusive interview, Pearl discusses: Results of the latest Unisys Security Index; The security topics that mean the most to U.S. consumers; What these findings mean for government agencies and banking institutions. Pearl's Enterprise Security Solutions Management Group has worldwide responsibility for defining and managing the company's Fraud, Risk Management and Enterprise Security services offerings for the financial industry. Unisys provides Security Business Operations services and solutions to financial services clients in over 40 countries.

"Sun Microsystems, Inc. and Deloitte today announced a collaborative initiative to help companies develop efficient, cost-effective and sustainable technology and business processes to address their unique regulatory compliance and technology governance challenges. As part of this initiative, Sun and Deloitte today announced their plans for the Center for Technology Governance and Compliance (CTGC), which combines Deloitte's consulting and advisory services with Sun's IT management solutions and services, including its Information Lifecycle Management (ILM) and Identity Management technology portfolios. Access to the professionals and services within the CTGC is available through Sun Solution Centers. To learn more, please visit http://www.sun.com/compliance or http://www.deloitte.com/ . As a worldwide leader in network computing systems, Sun provides scalable solutions designed to protect and manage business-critical information through its lifecycle. The combination of Deloitte and Sun brings together complementary competencies to deliver a business-driven, technology-enabled framework for creating and implementing technology governance and compliance strategies and programs."

It's hardly a bed of roses these days for IT companies and their managers. There are plenty of things nagging at high-tech vendors, too, according to the annual RiskFactor Report for Technology Businesses published by the financial consultancy, BDO Seidman. The information was gleaned from fiscal year 2008 10-K SEC filings of the 100 largest publicly traded U.S. tech companies. Strong competition and consolidation risk factors top the list of IT managers' concerns. Failure to develop new products or services is also a big headache. Other items making the worry list: * International operations. * Management of current and future M&As. * And, for the first time: Natural disasters, war, conflicts and terrorist attacks. So how should a top manager deal with all this uncertainty? Play some tennis, go for a run, gobble a few Tums and then forge ahead with the best ideas you have.

Identity theft concerns are focused on the security and necessity of the collection process. Collecting personal information just because you can is unsafe. Organizations can reduce privacy risks by not collecting unnecessary personal info. Once the data gets into the data life cycle pipeline, the cost of managing and destroying it escalates. The Federal Trade Commission estimates that as many as 9 million people have their identities stolen every year. According to the Privacy Rights Clearinghouse, more than 200 million instances of data breaches have occurred since the beginning of 2005, and they show no signs of letting up. In the first quarter of 2008 alone, more than 85 million incidents were reported. The causes of data breaches run the gamut: Hackers get unencrypted, transmitted data and data at rest; laptops are stolen or lost; storage Relevant Products/Services devices are lost by third-party shipping companies; flash drives or PDAs are left lying around; Social Security numbers are accidentally printed on envelopes; or data is found on discarded computers. This article examines the organizational risks to CPAs and their clients or corporate employers of improperly managed data throughout the data life cycle. It also discusses best data management practices and proper procedures for responding to a data breach. Data breaches, whatever the cause, are costly. According to a study by the Ponemon Institute, the average cost of a data breach in 2007 was $6.3 million. The average cost to an organization per record compromised is about $197, which is typically spent on phone calls for customer notification, providing free credit monitoring, discounts on membership fees, or discounts on merchandise to make up for the security Relevant Products/Services breach. Some organizations also experience an increase in customer turnover. The organization typically spends additional money in data protection Relevant Products/Services enhancements. Companies sanctioned by

For most insurers, business intelligence means point solutions at best. But those carriers that weave analytics into the fabric of their organizations are equipped to drive more precision in pricing and greater profitability to the bottom line. For businesses that run on the analysis of information, insurers have proven notably reluctant to apply business intelligence (BI) and analytic technologies to risk management at both the corporate strategic level and in the front lines of underwriting. For a variety of reasons, enterprise risk management (ERM) solutions have been talked about far more than implemented, and BI and predictive analytics generally have been applied haphazardly or piecemeal, if at all. The financial crisis, however, has heightened interest in risk management technologies, owing to senior executives' fears of disastrous overexposure to risk. Their concerns are legitimate, but for insurance more than any other financial services sector, risk also is opportunity, and BI should be utilized more as a competitive weapon than a defensive shield. As insurance has become commoditized and investment returns have become less reliable, carriers' ability to more precisely analyze and underwrite risks can be a key source of competitive differentiation.

Stay Online on the world wide web online roulette from Contemporary sydney, Fun and Free! Now you is capable of doing Actual "www.funlivecasino.com.au" Stay Online on the world wide web online roulette for Fun in Contemporary sydney on a product new web page, FunLiveCasino.com.au. Using the newest on the world wide web operating technology, Fun Stay Gambling house allows you be a part of a genuine action occurring on a genuine desk in a genuine betting house, all approved on Live! You can see other real gamers in the betting house betting on the same outcomes you do providing you greatest believe in in the outcomes as they are not designed 'just for you a, like other action experiencing items such as 'live studios' or pc designed actions. Its awesome to think next time your really in the betting house that you might be on digicam, and individuals on the world wide web might be watching! The long run is scary! Believe one day soon this will be the only way individuals would bet on the world wide web because the worldwide web is complete of fraudsters, you have to be extremely cautious, and why would you perform Online Online on the world wide web online roulette any other way except from a Actual Gambling house you can check out, see, pay attention to and trust! Amazingly this site is absolutely 100 % 100 % 100 % free and has no determining upon up process, no junk, no pc rabbit mouse mouse clicks and no pressure. Just Immediate Fun "www.funlivecasino.com.au" 100 % 100 % 100 % free Stay Roulette! Give it a try, its value verifying out! "www.funlivecasino.com.au"Australia's Online Fun Stay Casino! Backlinks designed from http://fiverr.com/radjaseotea/making-best-156654-backlink-high-pr

Cloud services are now vulnerable to malicious use, a security company has suggested, after a techie worked out how Amazon's EC2 service could be used as a BitTorrent file harvester and host. Amazon's Elastic Compute Cloud (EC2) is a web service software developers can use to access computing, compilation and software trialling power on a dynamic basis, without having to install the resources locally. Now a developer, Brett O'Connor, has come up with a step-by-step method for using the same service to host an open source BitTorrent application called TorrentFlux. Getting this up and running on Amazon would require some technical know-how, but would be within the reach of a moderately experienced user, right down to following O'Connor's command line low-down on how to install the public TorrentFlux app straight to Amazon's EC2 rather than a user's local machine. Finding an alternative way of using BitTorrent matters to hardcore file sharers because ISPs and admins alike are increasingly keen to block such bandwidth-eating traffic on home and business links, and O'Connor's EC2 guide was clearly written to that end - using the Amazon service would make such blocking unlikely. "I created a web-based, open-source Bittorrent 'machine' that liberated my network and leveraged Amazon's instead," says O'Connor. He then quips "I can access it from anywhere, uploading Torrent files from wherever, and manage them from my iPhone." However, security company GSS claims the guide shows the scope for possible abuse, using EC2 to host or 'seed' non-legitimate BitTorrent file distribution. "This means, says Hobson, that hackers and other interested parties can simply use a prepaid (and anonymous) debit card to pay the $75 a month fee to Amazon and harvest BitTorrent applications at high speed with little or no chance of detection," said David Hobson of GSS. "The danger here is that companies may find their staff FTPing files from Amazon EC2 - a completely legitimate domain -

Federal Communications Commission Chairman Julius Genachowski will unveil in a speech on Monday new proposals that would force Internet providers to treat the flow of content equally, sources familiar with the speech said on Friday. The concept, referred to as net neutrality, pits open Internet companies like Google Inc against broadband service providers like AT&T Inc, Verizon Communications Inc, and Comcast Corp, which oppose new rules governing network management. Advocates of net neutrality say Internet service providers must be barred from blocking or slowing traffic based on content. Providers say the increasing volume of bandwidth-hogging services like video sharing requires active management of their networks and some argue that net neutrality could stifle innovation. "He is going to announce rulemaking," said one source familiar with his speech about broadband, to be delivered at the Brookings Institution, a public policy think tank. "The commission will have to codify into new regulations the principle of nondiscrimination." The FCC could formally propose the rules aimed at applying to wireless and landline platforms at an open meeting in October.

Ignorance is bliss!

IT professionals are under pressure from upper level executives to open the floodgates to the latest Web-based platforms, relaxing Web security policy, according to a new survey of 1,300 IT managers. The survey, conducted by independent research firm Dynamic Markets Ltd., was commissioned by Web, DLP and email security vendor Websense Inc. Dynamic Markets conducted interviews with IT managers in Australia, Canada, China, France, Germany, Hong Kong, India, Italy, the U.K. and the U.S. Nearly all those surveyed said they allow access to some Web-based services, such as webmail, mashups and wikis. But more employees are turning to online collaboration platforms; some are turning to Google Apps, which are integrated with Google's Gmail platform, and others are turning to popular social networking sites, such as Twitter and Facebook. Some users are bypassing Web security policy to access the services, according to 47% of those surveyed.

There is an old axiom in marketing circles that it costs more money to acquire new customers than to retain and service your old ones. In this precarious financial environment, the focus for many companies is now on keeping the existing customers satisfied, rather than worrying only about adding new ones to the fold. Since the business environment has slowed for now, showing your clients additional "value added" services rather than simply a lower price, for example, will be critical. Companies should be taking an introspective look for differentiating factors in the areas of security and privacy "value," and how they can leverage what they uncover - a competitive advantage. How can an organization best position their privacy and security programs to be used as a competitive advantage? First, of course, you need to ensure that your privacy and security program is robust, well-tested, formally documented and meets or exceeds whatever legislation that your company is subject to or regulated against. It is also important to give your customers a point of reference about the validity of your programs so they easily translate the value into a currency they recognize. Further, you should take advantage of any other internal and external audits, assessments and oversights that you can reasonably share with external parties by crafting the results of these documents as a consumable for external parties. It has been my experience that clients, especially their security teams, really appreciate this effort. Another innovative way to deliver a competitive advantage today is in the realm of vendor management. This discipline is quickly becoming an increasingly high-profile topic of discussion and interest between clients, customers and their service providers. The onus is on you anyway to demonstrate oversight of your third-party service provider(s). This is where you should also have the "value add" conversation and validate why your clients placed their trus

www.killdo.de.gg Most quality online stores. Know whether you are a trusted online retailer in the world. Whatever we can buy very good quality. and do not hesitate. Everything is very high quality. Including clothes, accessories, bags, cups. Highly recommended. This is one of the trusted online store in the world. View now www.retrostyler.com

In this expert videocast, you will learn about Web 2.0 software, the threats they pose, and whether the benefits outweigh the risks. Key areas covered include the threats posed by services like Facebook, MySpace, and LinkedIn, as well as wikis and blogs. Our expert also dives into particular attack vectors and scenarios that are becoming popular, defensive policy, and technology best practices and Web 2.0 trends to monitor going forward. Speaker David Sherry CISSP, CISM - CISO, Brown University As chief information security officer of Brown University, David Sherry is charged with the development and maintenance of Brown's information technology security strategy, IT policies and best practices, security training and awareness programs, as well as ongoing risk assessment and compliance tasks. Sherry has 20 years of experience in information technology. He most recently worked at Citizens Bank where he was vice president for enterprise identity and access management, providing leadership for compliance and security governance. He had also served as Citizens' vice president for enterprise information security, overseeing the company's security operations and controls. He has taught classes at colleges in both Massachusetts and Rhode Island, as well as spoken on identity management strategy and implementation at industry conferences. He holds undergraduate and graduate degrees in business management.

"In dire economic times such as these, companies are scouring their internal functionalities seeking ways to run "leaner and meaner." Operations and personnel that do not ostensibly contribute to profit are at risk. And nowhere are employees more vulnerable than in New York City, the nation's center for financial services, an industry particularly devastated. Because the influence of privacy on profit is not immediately apparent, managers searching for excisable fat will doubtless be attracted to the privacy function, concluding that it makes no contribution to the bottom line. But although many view privacy solely as a legal concept, it often provides important commercial benefits. Where privacy does indeed contribute to profit, chopping away at privacy will be counterproductive, slicing off meat and bone, rather than fat. If management is not educated to this fact, the privacy function will be at unnecessary risk. There are 11 reasons why privacy may benefit the bottom line, which should be raised with management."

"Lora Bentley spoke with Anzen analysts Megan Brister and Jordan Prokopy via e-mail regarding behavioral advertising - what companies are doing, what regulators want to do and what we, as advertising consumers, need to know. With their coworker Miyo Yamashita, the analysts recently wrote a guest opinion for IT Business Edge. Bentley: Why are so many concerned about privacy when it comes to behavioral advertising? What is it about the Internet that convinces consumers that information they share there is not being used? Brister and Prokopy: Most concerns stem from the lack of transparency around data disclosure practices. While consumers may value a Web site's product and service offerings, they are generally unaware that businesses share their information with an extensive group of other businesses in order to deliver targeted advertising. This group includes news Web sites, advertising networks, profiling services, and Web analytics providers, to name a few. As Pamela Jones Harbour, a Commissioner at the Federal Trade Commission (FTC), discussed at the FTC Roundtable earlier this week, there is an asymmetry between consumer perceptions and business realities. Once consumers are informed of businesses' data handling practices, they will want to have more control over how businesses manage their information. As we discuss in our article, some businesses engaged in online behavioral advertising have been slow to adopt transparent consumer data management policies. This is a concern particularly for vulnerable groups, such as minors or non-English speaking consumers, because they may not understand legally written policies. Consumer advocacy groups argue that without knowledge and control over the collection, use, and disclosure of data, Web sites may misuse or expose sensitive data about consumers' health, lifestyles and finances."

Federal regulators on Tuesday met to hear about whether the benefits of cloud computing justify increased regulation, as privacy activists claim, or whether such an approach would do more harm than good. "We need to be smarter about dealing with technology, and cloud computing is posing (a) risk for us," said Hugh Stephenson, deputy director for international consumer protection at the Federal Trade Commission's Office of International Affairs. The FTC convened the two-day meeting in its offices here, which follows a series of similar workshops held in previous years on topics like spam, privacy, and behavioral advertising. The agency may file lawsuits to halt "unfair or deceptive acts or practices," meaning that if cloud computing is not unfair or deceptive, the FTC would likely not have jurisdiction. To secure personal information on the cloud, regulators may have to answer questions such as which entities have jurisdiction over data as it flows across borders, whether governments can access that information as it changes jurisdiction, and whether there is more risk in storing personal information in data centers that belong to a single entity rather than multiple data centers. The current panoply of laws at the state, national, and international level have had insufficient results; FTC Commissioner Pamela Jones Harbour cited a 2008 PricewaterhouseCoopers information security survey (PDF) in which 71 percent of organizations queried said they did not have an accurate inventory of where personal data for employees and customers is stored. With data management practices that are not always clear and are subject to change, companies that offer cloud-computing services are steering consumers into dangerous territory, said Marc Rotenberg, executive director of the Electronic Privacy Information Center. Already, problems of identity theft are skyrocketing, he said, and without more regulation, data management services may experience a collapse analogous to that

This year was an interesting year in privacy and information security, and by looking back, we can clearly discern trends that will likely be a major part of the security management landscape in 2009. More and more states passed breach-notification laws and several enhanced or extended existing legislation. Software-as-a-Service (SaaS) and virtualization really took off, and compliance's looming presence grew with PCI DSS version 1.2 and some actual enforcement of HIPAA. Of particular note was Massachusetts' data breach law 201 CMR 17.00: Standards for The Protection of Personal Information of Residents of the Commonwealth. This is to date the most comprehensive law of its kind, setting a new standard for what breach-notification laws should look like; it covers both paper and electronic records, it mandates appropriate security awareness training as well as security and risk assessments and, most importantly, requires companies to make changes to their security programs in accordance with the findings of those risk assessments. Similarly, California enhanced the well-known CA-1386 to include not just traditional financial information, but also health care and health insurance data as well. With new mandates popping up all the time, it's no wonder compliance was one of the biggest focus areas for enterprise information security teams in the past year, and this trend will clearly continue in 2009; there will be more regulation on both the state and federal levels, and stronger enforcement of existing regulations. Fines and other penalties for violations of PCI DSS and HIPAA will continue to rise, along with the inevitable rise in discoveries of malfeasance. As a result, there will be an even larger focus on compliance by upper management, which also means decreased time and budget for necessary security controls that don't clearly fall under a compliance umbrella.

Two firms certified to asses a company's compliance with the Payment Card Industry Data Security Standards (PCI DSS) have been placed under remediation by the PCI Security Standards Council. Two firms certified to asses a company's compliance with the Payment Card Industry Data Security Standards (PCI DSS) have been placed under remediation by the PCI Security Standards Council. "We have a contractual relationship with the PCI Security Standards Council and they can pull our certification at any time," Bates said, adding that the firm is working wholeheartedly to remedy the situation. Chris Konrad, senior vice president of client services at Fortrex, did not return a phone call seeking comment. Fortrex's business is U.S-based. The company is in its sixth year assessing service providers and merchants. In addition to being certified to conduct payment application quality security assessments, the firm sells risk management consulting services. It is a reseller in security vendor Qualys Inc.'s PCI Partner Program, according to the company website. Qualys said its "program gives partners generous margins based on their level of certification." The PCI Council launched its quality assurance program for assessors in September to address growing concerns from merchants about the quality of their assessments and other issues. Merchants have complained that some QSAs don't appear to have the technical skills necessary to conduct a thorough assessment. Other merchants have raised issues with QSA's pitching security products during the assessment process. Merchants that receive negative feedback are placed on probation and a revocation process is in place if assessors do not address the issues identified by the council.

I. INTRODUCTION The globalization revolution is undeniably well underway. Some of the primary leaders of the revolution are the off-shoring outsourcers of the world in search of readily available talent at prices below what is available in the traditional geographical outsourcing centers. Certainly, U.S. companies seeking information technology resources--as well as those looking for human resources to support the ever-growing customer care requirements of their business--are at the forefront of the movement. Some of those companies are seeking their own solutions, but many have turned to business process outsourcing companies for assistance. Business process outsourcing is, generally speaking, the contracting of a specific business task to a third party service provider. Processes that are best suited to be outsourced are those that a company requires but does not depend upon to maintain its position in the marketplace. There are two primary categories of business process outsourcing. One category is commonly referred to as "back office outsourcing" which includes internal business functions such as billing or purchasing. The other category is commonly referred to as "front office outsourcing" which includes customer-related services such as marketing, customer contact management, and technical support. The globalization of business in general has resulted in the need for companies to be able to provide support to their customers in many different languages. At the same time, developments in technology have provided the ability for business process outsourcers to provide a cost effective global delivery platform. The convergence of the need for a portfolio of services to be sourced globally with the ability of business process outsourcers to do so on a cost effective basis has driven the outsourcers to geographic locations previously ignored by most business sectors. By many estimates, there are currently off-shore outsourcing vendors in more than 175 different

What companies do you trust to guard your privacy? According to a Wednesday study from the Ponemon Institute and TRUSTe, eBay is the most trusted company for privacy, followed by Verizon and the U.S. Postal Service. Facebook, meanwhile, cracked the study's top ten for the first time. To reach its conclusions, Ponemon and TRUSTe first polled more than 6,000 adults on their "most trusted" brands. An expert review panel then compared those results against the companies' privacy statements, notices, to what levels they accessed account information, their cookie management, in- and out-of-network data sharing practices, and the availability of customer service staff. Of the top 10 companies, seven of them were technology-related. The entire list includes eBay, Verizon, the U.S. Postal Service, WebMD, IBM, Procter & Gamble, Nationwide, Intuit, Yahoo, and Facebook. "With the banking industry at the center of a national financial crisis, it's no surprise to see a loss of trust reflected in the rankings of even those top performers on this list," Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement. "Meanwhile, the continued strong showing of e-businesses such as eBay, WebMD, Yahoo, and Facebook seems to demonstrate consumers' growing comfort with doing business online."