WPPS C-Suite News: Group items tagged best practices

sandy ingram

Outgunned: How Security Tech Is Failing Us -- InformationWeek

  • Thing is, the pitch is less believable these days, and the atmosphere is becoming downright hostile. We face more and larger breaches, increased costs, more advanced adversaries, and a growing number of public control failures.
  • U.S. businesses continue to hemorrhage credit card numbers and personally identifiable information. The tab for the Heartland Payment Systems breach, which compromised 130 million card numbers, is reportedly at $144 million and counting. The Stuxnet worm, a cunning and highly targeted piece of cyberweaponry, just left a trail of tens of thousands of infected PCs. Earlier this month, the FBI announced the arrest of individuals who used the Zeus Trojan to pilfer $70 million from U.S. banks. Zeus is in year three of its reign of terror, impervious to law enforcement, government agencies, and the sophisticated information security teams of the largest financial services firms on the planet.
  • Information security professionals face mounting threats, hoping some mix of technology, education, and hard work will keep their companies and organizations safe. But lately, the specter of failure is looming larger. "Pay no attention to the exploit behind the curtain" is the message from product vendors as they roll out the next iteration of their all-powerful, dynamically updating, self-defending, threat-intelligent, risk-mitigating, compliance-ensuring, nth-generation security technologies. Just pony up the money and the manpower and you'll be safe from what goes bump in the night.
sandy ingram

5 Steps to Secure a Mobile Workforce #infosec #grc

  • Here are five steps your company can implement quickly and cost-effectively.
  • 1. Deploy comprehensive endpoint security to check endpoint devices for spyware and malware.
  • 2. Ensure that user devices adhere to defined corporate security policies before, during, and after network connection.
  • 3. Encrypt sensitive data and log file access to ensure that data is not compromised if a mobile device is lost or stolen.
  • 4. Automatically filter and delete SMS spam by setting up pre-defined, configurable settings on mobile devices.
  • 5. Restrict network access by noncompliant or potentially infected devices.
  • "Some 2.8 million Americans now work permanently from home offices and a full 38 million (37 percent of the total U.S. workforce) telecommute at least once a month. For the most part, the mainstreaming of telecommuting and the arrival of the virtual or mobile office has been a positive development, both in terms of employee productivity and cost reduction. However, one of the challenges of the proliferating mobile workforce is for companies to ensure that their most-sensitive customer and corporate information is truly secure."
sandy ingram

Security awareness: Helping employees really 'get' company policy - CSO Online - Securi...

  • Employee awareness of their companies' security policies is high—if you ask the employees. In a survey of 2,000 office workers, software security company Clearswift found almost three quarters, 74 percent, felt 'confident' that they understand their employers' Internet security policies. That is, policy designed to safeguard data and IT security, as well as maintain productivity.
  • But the confidence is misplaced, Clearswift suggests in their summary of the findings, because a third of those surveyed have not received any training on IT security since joining their firm. And more than two thirds of those who have not had recent training joined their organization more than five years ago—a 'technological lifetime,' notes Clearswift.
  • "When security is kept in the shadows and not discussed openly, and only referred to when things go wrong, it is all too easy for office 'folk-law' to become perceived as official policy very quickly. If employees are not aware of when they have broken policies—in some cases because the policy is not even enforced—it can lead to a false sense of security or a belief that what they are doing is actually in line with the corporate policy."
  • The research raises a question that is frequently discussed, but very rarely measured, among organizations: What kind of awareness training is effective? Is it regular and incremental? Is it most effective when done through courses, formal sessions or informal discussions? And how does an organization gauge its effectiveness?
  • "Research finds while most employees believe they understand their company's security policies, a large number have never received any formal policy education or training. How can an organization really ensure people understand risk?"
sandy ingram

Integrating Ethics and Compliance Into the Entire Organization

  • There’s no point investing in and implementing an ethics and compliance program unless the time is spent integrating the program into every aspect of an organization. The need for companies to develop effective ethics and compliance programs has been acknowledged by several government agencies; examples are the SEC in the US and the government in the United Kingdom. Both groups have recently passed legislation or made amendments to existing guidelines, focusing heavily on the importance of ethics and compliance at all levels of an organization, especially at the top.
  • Employees at each level contribute to the success of a company’s ethics and compliance program. Integrating ethics and compliance at each level helps ensure the message from the top makes it all the way down to the lower levels of the organization. Training, messages and other ethics and compliance initiatives must be developed to evolve with employees as they move through the company. That being said, employees at various levels need to be prepared to address different ethical issues they may encounter based on the role they play in the organization.
  • Integrating Ethics in the Middle: In many companies, employees report that the middle level is where ethics and compliance commitments break down. Since many of the lower level employees report directly to those in the middle, a commitment to ethics and compliance from middle managers is equally as important as it is at the top.
  • Top level managers can use a number of techniques to assist mid-level managers in understanding the role they play in creating an ethical workplace.
  • Integrating Ethics at Lower Levels: Lower level employees are usually the ones on the frontlines acting as ambassadors for a company/brand. Ensuring the commitment to ethics and compliance is as strong at the bottom as it is at the top is critical to the success of a fully integrated ethics and compliance program.
  • One of the easiest ways to begin implementing ethics and compliance within lower levels is to provide new hires with extensive training on company expectations and ethics and compliance. During the interview process, ask questions related to ethical situations and decision making. This can be used as a way to ensure new hires are a proper fit with the existing corporate culture.
  • It’s important to remember that ethics training and implementation doesn’t stop here; this is just the beginning.
  • "One of the easiest ways to begin implementing ethics and compliance within lower levels is to provide new hires with extensive training on company expectations and ethics and compliance"
sandy ingram

VIDEO The Business Center Is Your Link to #compliance Law

  • "The Business Center Is Your Link to the Law. The Business Center is your link to the law. It gives you and your employees the tools you need to comply. Learn how you can use the free resources to enhance compliance and build your customers' trust."
sandy ingram

Strong Growth And Innovation Seen For IaaS In 2011 - "dramatically improved data security"

  • Even smaller and moderately sized companies will start to look at IaaS. So far, most of the IaaS deployments have been concentrated around very large $1B+ companies; however, we are now seeing that even smaller and moderate sized organizations are very interested in IaaS to help them overcome their data challenges. As a result, in 2011 and beyond we are likely to see small mission-critical IaaS deployments in these organizations to support various types of use cases, ranging from single-version-of-the-truth to BI to searching and compliance reporting. 
  • 6. "More organizations will realize IaaS's security potential. During various inquiry calls this year, some customers mentioned to us that they dramatically improved data security by using an IaaS framework, centralizing the authentication, authorization, and access control of critical data - as a result disallowing direct access to data sources. This not only improves compliance audits for various organizations but also ensures that only authorized users can access sensitive data. We expect that more organizations, especially those that have hundreds and thousands of sources, will adopt an IaaS framework just to improve data security and compliance."
sandy ingram

Information Security Clauses and Certifications - Part 1 : Info Law Group

  • What contractual information security provisions should you consider, as a customer or as a vendor or business partner, when the contract contemplates the exchange of protected information? What do security standards and audits entail for a vendor, and what do they offer for a customer?
  • With heightened liability and compliance risks associated with handling protected categories of data, it is becoming more common to see contractual requirements holding vendors accountable for information security or requiring them to conform to a specified information security standard.
  • Outsourcing business and IT functions often means outsourcing compliance and liability risks as well. When a service contract involves protected categories of personal information, both parties need to understand the security requirements and risks. The contract should allocate responsibilities to prevent and respond to security breaches. The contract may also set expectations more precisely by incorporating a written security policy or referring to a widely accepted information security standard, sometimes accompanied by a requirement for a third-party security audit or assessment.
sandy ingram

20% of Businesses Will Get Rid of All IT Assets As They Move to Cloud, Gartner Predicts

  • But it's not just cloud computing that is driving a movement toward "decreased IT hardware assets," in Gartner's words. Virtualization and employees running personal desktops and laptops on corporate networks are also reducing the need for company-owned hardware.
  • Gartner's prediction was part of a release Wednesday that highlights nine key predictions that will affect IT organizations and users this year and beyond.
  • The shift toward cloud services hosted outside the enterprise's firewall will necessitate a major shift in the IT hardware markets, and shrink IT staff, Gartner said. "The need for computing hardware, either in a data center or on an employee's desk, will not go away," Gartner said. "However, if the ownership of hardware shifts to third parties, then there will be major shifts throughout every facet of the IT hardware industry. For example, enterprise IT budgets will either be shrunk or reallocated to more-strategic projects; enterprise IT staff will either be reduced or reskilled to meet new requirements, and/or hardware distribution will have to change radically to meet the requirements of the new IT hardware buying points."
sandy ingram

Before You Choose a Cloud Computing Vendor: 8 Questions

  • "A manufacturing company isn't going to have the same checklist as a service company or retailer," Golden says. "They're too different. But there is a consistent set of things to look at. Some of them are specific to cloud providers; a lot of them are the same kinds of things you had to look at in outsourcing or any other service provider contract.
  • How responsive is the cloud company?
  • Some providers may be more responsive at the beginning of a relationship than later, so checking with other customers on that point is important as well, Golden says.
  • How transparent is the cloud service?
  • How do you find the right cloud provider? There's not a consistent checklist either small or large companies can go through to make the selection.
sandy ingram

Small Companies Look to #Cloud for Savings in 2011 - WSJ.com

  • As of April 2010, only about 7% of small-business owners were using cloud services, but that number is expected to grow to more than 10% by mid-2011, according to a survey by technology-research firm IDC.
  • Half of small firms that use "the cloud" say it has improved their bottom line, according to a survey this fall by Microsoft Corp., which provides cloud services.
  • A number of surveys show that some business owners are hesitant to try cloud computing because they don't want to stray from familiar systems or invest in new ones. Some owners that have made the switch, however, say it has been a boon to their cash-strapped firms.
  • Garey Willbanks, owner of Boiler Management Ltd. in Houston, says he pays about $600 a month to store information in the cloud. He estimates that is less than a tenth of what he would pay if he hired technology personnel to run an in-house storage server.
  • In June, Michael Tracy, a private law practitioner in Irvine, Calif., decided to try Nextpoint, a cloud-based program for attorneys. He had previously spent $10,000 to $12,000 a year licensing software that would organize materials before a trial. The problem was he needed it just a few times a year. By contrast, Mr. Tracy pays for Nextpoint only when he uses it, and he anticipates spending just $4,000 to $6,000 a year on the service.
  • "If you already have tight control over your company, your expenses may drop 10% to 20%,"
  • Despite the savings, there are risks. Security breaches, for instance, can happen if the cloud provider isn't reliable. "If they make money directly from you, then they will want to secure [your information]," Mr. Enderle says. "If they make it through advertising," they may be more likely to sell the information to advertisers, he says.
  • Others fear that they might lose their information, or have to spend a lot of time transferring data, if they want out.
  • "So make sure it's the right provider and that you're ready to be in it for the long haul."
  • "A growing number of small-business owners are expected to try cloud computing services next year, hoping to trim costs and stay up and running if disaster strikes. Cloud computing refers to any service that operates over an Internet connection, allowing immediate access from any computer or mobile device with Web access. Business owners can access software or store information, such as customer contacts, accounting data and presentations, and leave the technical maintenance to the cloud provider."
sandy ingram

Why IT Is Moving to the Cloud

  • While concerns about security, identity, SLAs, and other topics are still on the minds of many IT pros, those concerns are gradually being addressed by cloud providers.
  • While cloud computing may not be a complete solution for every enterprise—nobody is talking about ditching internal data centers yet, and probably never will—a number of pressing factors are driving the growth of cloud computing. I’ll cover some of the biggest drivers towards cloud computing adoption here.
  • Improved IT Agility: As recently as a few years ago, it took far too long for many IT departments to respond to increasing demand for computing capacity.
  • Cost Savings and ROI: Cloud computing isn’t a panacea, but there are clear-cut cases where moving part of your IT infrastructure to the cloud makes solid operational and financial sense.
  • Private Cloud vs. Public Cloud
  • Cloud-Savvy IT Staff
  • "70 percent of IT decision makers are using or plan to use cloud computing in their own enterprises within 24 months."
sandy ingram

Carnegie Mellon - MySecureCyberspace: Setting Up a Secure Network in the Office #smb #grc

  • Staying Wired: When possible and convenient, use a wired network. Wired networks, whose signals are contained within wires, are much safer than wireless networks, whose signals are broadcast into the air. One can be safe from a number of malicious attacks by connecting a computer to the router (a device that connects networks, in this case, your local network to the Internet) via an ethernet cable, instead of connecting via wireless. Appropriate network settings, of course, must be entered into the computers.
  • Taking the Office Wireless
  • Securing Each Network Node
  • If a wireless network is desired, use the following recommendations.
  • Next, security must be implemented on the computers that will connect to the network, known as the "network nodes."
  • "A secure office network is the first step towards secure computing. Following are a few suggestions to secure networking at work."
sandy ingram

Private Cloud Computing: A Game Changer for Disaster Recovery » Welcome to pr...

  • "Private cloud computing offers a number of significant advantages - including lower costs, faster server deployments, and higher levels of resiliency. What is often overlooked is how the Private Cloud can dramatically change the game for IT disaster recovery in terms of significantly lower costs, faster recovery times, and enhanced testability."
sandy ingram

The Fed 2011 Agenda: Rush to the Cloud !

  • The new 25-point plan establishes a Data Center Consolidation Task Force with a goal of reducing the number of data centers by 800 as of 2015.
  • The plan also touts scalability as a reason for embracing the cloud over traditional solutions. It cited the example of a private-sector company doing video editing that experienced a surge of demand and was able, using the cloud, to scale from 50 to 4,000 virtual machines in three days.
  • There's an expectation that moving applications such as e-mail to the cloud will facilitate data center consolidation and reduce IT budgets. Some federal agencies have already awarded contracts to move e-mail to the cloud. In addition, the government has selected a dozen vendors to supply Infrastructure-as-a-Service (IaaS).
  • Google and Microsoft want the government’s cloud business and they’ve undertaken a PR campaign including announcements of high-profile contract awards. The General Services Administration (GSA) recently awarded Unisys and Google a contract to host e-mail in the cloud. The US Department of Agriculture (USDA) selected Dell to supply Microsoft Online Services for the migration of 120,000 users and 21 e-mail systems to the cloud.
  • Microsoft was the winner of a Department of the Interior contract for moving e-mail to the cloud, a selection that Google protested. Google and its reseller, Onix Networking Corp, have filed suit against the Department of the Interior to overturn that selection.
  • Both Google Apps for Government and BPOS have been certified as being compliant with the Federal Information Security Management Act (FISMA). Being given FISMA Authority to Operate (ATO) is a certification that the cloud infrastructure is a secure, trusted environment for government applications and the databases they use.
  • The federal contracts for hosting e-mail in the cloud are not the first Big Government embrace of hosted e-mail. Microsoft reportedly has several hundred state and local agencies using its cloud services. New York City recently announced it will adopt Microsoft BPOS for 30,000 city users.
  • The State of California awarded a contract to Microsoft and Computer Sciences Corporation (CSC) for the migration of 130 e-mail systems to Microsoft BPOS.
  • The State of Minnesota Office of Enterprise Technology (OET) announced an agreement with Microsoft to migrate Exchange e-mail and other communications services to BPOS in a private cloud.
  • "In December 2010, the government's CIO, Vivek Kundra, released a 25-point plan for an overhaul of Federal IT that emphasizes a cloud-first policy for federal agencies. Currently the federal government is on pace to spend $79 billion on IT this year, with more than 20% going to infrastructure spending. Because the US government has spent $600 billion on IT over the past decade, the plan's intent is to reduce IT spending by the federal government."
sandy ingram

Infosecurity (USA) - Passwords becoming risky form of enterprise authentication

  • “The fact that passwords remain the cornerstone of enterprise authentication represents a significant and increasing risk. The vulnerability of password-based authentication is widely recognized: From the earliest phishing attacks to the most sophisticated spyware, passwords still represent one of the most common methods hackers target and use to access corporate systems and sensitive data”, the study observed. The way to reduce the costs of lost passwords and the increased vulnerability of similar user passwords is through the use of strong multi-factor authentication, explained Chatterjee. For example, two-factor authentication involves the use of something the user remembers, such as a password, and something the user has, like a token.
  • This approach increases security because a hacker needs both to gain access to a system or account; figuring out the password is not enough. It also reduces the need for users to have multiple, complex passwords. The system's two factors provide the complexity from a security point of view, he explained. Chatterjee used the example of a bank ATM card, which requires the use of the card along with the password for the user to gain access to his or her account.
  • With the two-factor authentication, users do not need to have complex passwords that change frequently. This reduces the burden on the employees as well as on the help desk, he noted.
  • "30% to 50% of help desk calls relate to forgotten passwords"
sandy ingram

Cloud Concerns "Unfounded and Ridiculous" Former U.S. Chief Information Officer Vivek K...

  • When I joined the Obama administration as the chief information officer, we quickly discovered vast inefficiencies in the $80 billion federal I.T. budget. We also saw an opportunity to increase productivity and save costs by embracing the "cloud computing".
sandy ingram

Is Internet Explorer 9 Now the Safest Web Browser?

  • With criminals migrating to Chrome, Bott says Chrome's filters, and its entire approach to protecting users, aren't as airtight as IE9's - or even as secure as its advocates believe.
sandy ingram

Top regulatory compliance trends that will affect IT in 2009

  • More enforcement coming: Deputy Attorney General Dave Ogden also was among those who see a renewed emphasis on "prosecuting financial crimes aggressively" in the months ahead. Reflecting Ogden's assessment, former U.S. Deputy Attorney General Paul McNulty said that money laundering, fraud and tax issues are also receiving increased enforcement action. McNulty pointed to the requirements of the Sarbanes-Oxley Act (SOX), which mean that more information now must be disclosed and acted upon.
  • Trends covered: More enforcement coming; SOX 404(b) will matter; FCPA compliance; Focus on risk management.
sandy ingram

Few businesses are likely to be insured against the result of cyber attacks - Security ...

  • Businesses are advised to thoroughly review risk management procedures and insurance programmes to ensure they have adequate and relevant cover in place: “The responsibility to get the house in order should lie with an organisation’s Managing Director or Finance Director, and not the IT department alone,” says Simon. “IT defences whilst vital only react to known problems and are not guaranteed to be 100 percent secure. Protection for the whole business and its sustainability is without doubt the safest option.”
  • “The economic downturn has resulted in people of all levels and responsibilities losing their jobs, and those with a detailed knowledge of their former employers’ IT and operating systems may well present a real potential threat, and turn to extortion as a way of taking revenge on their former employer, and of making some money at the same time.
  • According to The Wilson Organisation, insurers and underwriters are predicting a rise in white collar extortion as the recession continues to bite and unemployment figures increase. Worryingly many businesses do not have insurance cover for data or business loss.
  • "According to a DTI Information Security Breaches Survey, a third of UK businesses think general business insurance provides full cover for damage to the business arising from data loss," comments Wilsons' Simon Hoare, "but the reality is quite different, with very few businesses likely to be insured against the result of cyber attacks on its most crucial management and business tool - corporate and customer information, most of which is today held on corporate IT systems. For public company directors, this is in fact in breach of their duties under the Turnbull Report, which requires them to identify, manage and take an informed opinion on the transfer of risks for the business."
sandy ingram

FTC Red Flags Evaluation for Low Risk Businesses

  • Complying with the Red Flags Rule: A Do-It-Yourself Prevention Program for Businesses and Organizations at Low Risk for Identity Theft