Skip to main content

Home/ WPPS C-Suite News/ Group items tagged U.S.

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
sandy ingram

VOA News - US Creates Military Cyber Command to Defend Computer Networks - 0 views

www.voanews.com/...2009-06-15-voa64.cfm

Cyber Command U.S. Millitary DOD Cybersecurity Privacy Security

shared by sandy ingram on 17 Jun 09 - Cached
  • Lynn says the U.S. military now considers cyberspace an operational domain, just like land, sea, air and outer space. He says officials are working to develop military doctrine and procedures for cyberspace operations and to increase the department's expertise in cyber security. He declined to say what, if any, offensive actions the United States is taking, or might take, in cyberspace, but he did say this:
  • "One of the reasons we're looking at a Cyber Command is to unify all aspects of cyber defense, so that you don't separate out offense, defense, intelligence, so that all of the various aspects work together," said Lynn.
  • Lynn emphasized that the creation of Cyber Command will not militarize overall U.S. government efforts to protect American government and private computer systems. That effort will be led by a Cyber Security Coordinator - a new position President Barack Obama says he will soon create at the White House.
  • ...1 more annotation...
  • The civilian effort will involve several agencies, including the Department of Homeland Security, the National Security Agency and the intelligence services, with help from the Defense Department. Lynn pledged it will not infringe on Americans' civil liberties - a concern some experts have expressed.
  • sandy ingram on 17 Jun 09
     
    the creation of Cyber Command will not militarize overall U.S. government efforts to protect American government and private computer systems. That effort will be led by a Cyber Security Coordinator - a new position President Barack Obama says he will soon create at the White House. The civilian effort will involve several agencies, including the Department of Homeland Security, the National Security Agency and the intelligence services, with help from the Defense Department. Lynn pledged it will not infringe on Americans' civil liberties - a concern some experts have expressed.
sandy ingram

http://www.corporatecomplianceinsights.com/2009/risk-based-fcpa-compliance-assessments/ - 0 views

www.corporatecomplianceinsights.com/...ed-fcpa-compliance-assessments

Best Practice Privacy Security corporatecomplianceinsights cybersecurity Compliance Fraud

shared by sandy ingram on 01 Aug 10 - Cached
  • Companies lacking an anti-corruption compliance program face great legal, financial, and reputational risks. Government investigators will have no sympathy for those who fail to devote sufficient resources to compliance.
  • sandy ingram on 01 Aug 10
     
    "The Need for Risk-Based FCPA Compliance Assessments How To Deal With Increasing FCPA Risks In a Time of Shrinking Budgets In a time of dwindling funds, growing risks, and increased government targeting of companies that cut compliance budgets, a proper anti-corruption assessment is a vital first step in creating a cost-effective compliance program When a warning comes straight from the mouth of the U.S. Government's lead prosecutor in a field directly affecting their bottom line, it is wise for businesses to pay heed. In an interview earlier this year with PBS's investigative journal, "Frontline," Mark Mendelsohn, the Deputy Chief of the U.S. Department of Justice's Fraud Section, which is charged with enforcing the Foreign Corrupt Practices Act ("FCPA"), offered advice to all American businesses dealing with the current global recession. "I think that companies need to be especially vigilant in this economic climate to not cut back [on FCPA compliance]," Mendelsohn said. "Our law enforcement efforts are not going to be scaled back, and so it would be, I think, a grave mistake for a company to take that path.""
sandy ingram

Survey Finds Gap in Attitudes Between the Cloud "Haves" and "Have-Nots" - ReadWriteCloud - 0 views

www.readwriteweb.com/...vey-finds-gap-in-attitudes.php

Security Privacy cybersecurity compliance cloud marketing

shared by sandy ingram on 24 Aug 10 - Cached
  • This post is part of our ReadWriteCloud channel, which is dedicated to covering virtualization and cloud computing. The channel is sponsored by Intel and VMware.
  • London-based communications SaaS provider Mimecast has announced the results of its second annual Cloud Adoption Survey. The survey, conducted by independent research firm Loudhouse, assessed the attitudes of IT decision-makers in the U.S. and UK about cloud computing
  • The majority of organizations now use some cloud-based services. The report found 51% are now using at least one cloud-based application. Adoption rates for U.S. businesses are slightly ahead of the UK with 56% of respondents using at least one cloud-based application, compared to 50% in the UK
  • ...7 more annotations...
  • Two thirds of businesses are considering adopting cloud computing. 66% of businesses say they are considering adopting cloud-based services in the future, with once again, U.S. businesses leaning more towards adoption than their UK peers (70% of U.S. businesses, and 50% of UK ones).
  • Email, security, and storage are the most popular cloud services. 62% of the organizations that use cloud computing are using a cloud-based email application. Email services are most popular with mid-size businesses (250-1000 employees) with 70% of organizations this size using the cloud for email. Smaller businesses (under 250 employees) are most likely to use the cloud for security services, and larger enterprises (over 1000 employees) most likely to opt for cloud storage services.
  • Existing cloud users are satisfied. Security is not considered to be an issue by existing cloud users: 57% say that moving data to the cloud has resulted in better security, with 58% saying it has given them better control of their data. 73% say it has reduced the cost of their IT infrastructure and 74% believe the cloud has alleviated the internal resource pressures.
  • Security fears are still a barrier. 62% of respondents believe that storing data on servers outside of the business is a significant security risk. Interestingly, this number was higher for users of cloud applications than it was for non-users (only 59% of non-users thought it was risky, while 67% of users did.)
  • Some think the benefits of the cloud may be overstated.54% of respondents said the potential benefits of the cloud are overstated by the IT industry, and 58% indicated they believed that replacing legacy IT solutions will almost always cost more than the benefits of new IT.
  • "The research shows that there is a clear divide within the IT industry on the issue of cloud computing," says Mimecast CEO and co-founder Peter Bauer. "While those organisations that have embraced cloud services are clearly reaping the rewards, there are still a number who are put off by the 'cloud myths' around data security and the cost of replacing legacy IT
  • It is now up to cloud vendors to educate businesses and end users to ensure that these concerns do not overshadow the huge potential cost, security and performance benefits that cloud computing can bring."
  • sandy ingram on 24 Aug 10
     
    Existing cloud users are satisfied. Security is not considered to be an issue
sandy ingram

DoD, DHS to align cybersecurity capabilities - 0 views

www.scmagazineus.com/...180992

dod dhs cybersecurity Security Privacy compliance

shared by sandy ingram on 14 Oct 10 - No Cached
  • The new partnership appears to be part of an effort to move past previous agency turf wars. Last March, for example, Rod Beckstrom resigned from his position as director of the DHS' National Cyber Security Center, citing insufficient funding and support. In his letter of resignation to Napolitano, Beckstrom said the DHS's cybersecurity efforts are "controlled" by the NSA. Meanwhile, it is not uncommon for government departments and agencies to enter into formal agreements to work together on certain issues and to “swap” employees to improve synchronization, Marcus Sachs, director of the SANS Internet Storm Center, told SCMagazineUS.com on Thursday. This agreement is particularly important because the DoD and DHS have a joint mission to protect the United States in cyberspace, he said.
  • sandy ingram on 14 Oct 10
     
    The U.S. Department of Defense (DoD) and the Department of Homeland Security (DHS) announced plans Tuesday to streamline their cybersecurity capabilities to better protect the nation's networks. Late last month, Secretary of Homeland Security Janet Napolitano and Secretary of Defense Robert Gates signed an agreement that formalizes processes for the two agencies to work together to protect U.S. networks and critical infrastructure. The agreement outlines a framework whereby the agencies will provide cybersecurity support to one another, and was intended to improve collaboration as the two departments carry out their respective cybersecurity missions.
sandy ingram

Study Finds Companies Struggle to Measure Effectiveness of the Compliance Function - 0 views

www.pwc.com/...PwC-Compliance-Week.jhtml

Privacy security compliance survey

shared by sandy ingram on 24 May 11 - No Cached
  • Senior compliance officers at more than 100 leading U.S. companies responded to 28 questions in four key areas critical for the compliance function: leadership, reporting relationships and structure; compliance function scope, focus and risk; metrics to gauge program effectiveness; and budget, staffing and resources. A major finding of the study: One of the biggest obstacles facing Chief Compliance Officers (CCOs) is measuring the effectiveness of their compliance functions - almost 40 percent of the companies surveyed said they make no attempt to measure the effectiveness of their compliance program.
  • “An effective compliance program is the cornerstone of cooperation credit allowed under the U.S. Sentencing Guidelines and stakeholders are demanding much higher transparency in how compliance risk is effectively managed,” said Miles Everson, PwC principal and global and U.S. risk and compliance leader.
  • “Without a clear measure of the compliance department’s effectiveness, much else is in jeopardy. Lacking this,
  • ...8 more annotations...
  • how does the board know that compliance risks are effectively addressed?  Let alone that the compliance function itself is effective? 
  • According to the study, a critical element to the compliance department’s success is the perceived stature of the CCO and his or her influence among other top leadership.
  • “It’s essential that the compliance function have visibility and direct access both to senior executives in the organization and to the board or one of its committees,” added Everson. “This access helps keep risk and compliance issues on the company’s agenda and lets key ethics and compliance issues surface in a timely fashion.”
  • The State of Compliance survey also provided another interesting glimpse into corporate compliance when it asked about reporting structures. Regulators have long preferred that a company’s top compliance officer report directly to the board, and just last year the U.S. Sentencing Guidelines were revised to state more clearly that CCOs should not be, nor report to, the general counsel.
  • PwC and Compliance Week also found that, over the next 18 months, CCOs anticipate significant challenges when it comes to risk - and that when issues arise, they expect the consequences to be severe.
  • When asked about several high-level categories of risk, such as compliance risk, security risk, reputational risk and others, 48 percent believed the likelihood of a compliance failure was high or very high. 
  • What's more, 65 percent of respondents felt the impact of a compliance risk event, should it occur, would be high or very high. 
  • Effective compliance programs need input and guidance from many different voices in the company (IT, internal audit, finance, security). It is in the company’s benefit for the compliance department to borrow resources from those teams to achieve its goals, rather than build its own expertise in each department.
  • sandy ingram on 24 May 11
     
    "The results of The State of Compliance: 2011, an inaugural study conducted by PwC US and Compliance Week, will be released today at the Compliance Week 2011 6th Annual Conference for corporate financial, legal, risk, audit and compliance officers in Washington, D.C. The report - the first of its kind - identifies a wide range of compliance issues confronting organizations today and will stay current as new companies participate, accurately reflecting the changing compliance landscape."
sandy ingram

Outgunned: How Security Tech Is Failing Us -- InformationWeek - 0 views

www.informationweek.com/...showArticle.jhtml

Security Privacy compliance cybersecurity Best Practice

shared by sandy ingram on 11 Oct 10 - No Cached
  • Thing is, the pitch is less believable these days, and the atmosphere is becoming downright hostile. We face more and larger breaches, increased costs, more advanced adversaries, and a growing number of public control failures.
  • -U.S. businesses continue to hemorrhage credit card numbers and personally identifiable information. The tab for the Heartland Payment Systems breach, which compromised 130 million card numbers, is reportedly at $144 million and counting. The Stuxnet worm, a cunning and highly targeted piece of cyberweaponry, just left a trail of tens of thousands of infected PCs. Earlier this month, the FBI announced the arrest of individuals who used the Zeus Trojan to pilfer $70 million from U.S. banks. Zeus is in year three of its reign of terror, impervious to law enforcement, government agencies, and the sophisticated information security teams of the largest financial services firms on the planet.
  • sandy ingram on 11 Oct 10
     
    Information security professionals face mounting threats, hoping some mix of technology, education, and hard work will keep their companies and organizations safe. But lately, the specter of failure is looming larger. "Pay no attention to the exploit behind the curtain" is the message from product vendors as they roll out the next iteration of their all-powerful, dynamically updating, self-defending, threat-intelligent, risk-mitigating, compliance-ensuring, nth-generation security technologies. Just pony up the money and the manpower and you'll be safe from what goes bump in the night.
sandy ingram

5 Steps to Secure a Mobile Workforce #infosec #grc - 0 views

www.businessweek.com/...secure_a_mobile_workforce.html

mobile security Best Practice Privacy compliance cybersecurity

shared by sandy ingram on 30 Nov 10 - No Cached
  • Here are five steps your company can implement quickly and cost-effectively.
  • 1. Deploy comprehensive endpoint security to check endpoint devices for spyware and malware.
  • 2. Ensure that user devices adhere to defined corporate security policies before, during, and after network connection.
  • ...3 more annotations...
  • 3. Encrypt sensitive data and log file access to ensure that data is not compromised if a mobile device is lost or stolen.
  • 4. Automatically filter and delete SMS spam by setting up pre-defined, configurable settings on mobile devices.
  • 5. Restrict network access by noncompliant or potentially infected devices.
  • sandy ingram on 30 Nov 10
     
    "Some 2.8 million Americans now work permanently from home offices and a full 38 million (37 percent of the total U.S. workforce) telecommute at least once a month. For the most part, the mainstreaming of telecommuting and the arrival of the virtual or mobile office has been a positive development, both in terms of employee productivity and cost reduction. However, one of the challenges of the proliferating mobile workforce is for companies to ensure that their most-sensitive customer and corporate information is truly secure."
sandy ingram

Amended SB1386 - Health care data security breach explained - 0 views

www.scmagazineus.com/...120069

hipppa SB1386 health training breaches

shared by sandy ingram on 01 Nov 08 - Cached
  • Health care data security breaches in the U.S.
  • New laws and regulations regarding data security breaches and disclosure laws affect the way in which health care organizations do business
  • Notifications can be delayed if law enforcement determines it could hinder a criminal investigation
  • ...11 more annotations...
  • he disclosure shall be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, as provided in subdivision (c), or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
  • Any agency that maintains computerized data that includes personal information that the agency does not own shall notify the owner or licensee of the information of any breach of the security of the data immediately following discovery, if the personal information was, or is reasonably believed to have been, acquired by an unauthorized person.
  • They need to implement proper security measures, like encryption,” Booz says. In addition, the law will require a new level of investment in training for customer service, sales, and other externally facing operations.
  • Individuals affected by data breaches that meet the personal information definition and notification requirements must be notified by using one of three methods: written notice, electronic notice with customer's consent, or substitute notice
  • The purpose of this rule is to secure personally identifiable information (PII) as it travels through the healthcare system. Healthcare organizations, including providers, payers, and clearinghouses, must comply with the Privacy Rule.
  • The new law requires all state agencies and companies that conduct business in California to notify residents when a breach of their medical information occurs.
  • A new California law requiring that customers be notified of a breach involving their medical information is likely to influence legislation in other states.
  • Between 2000 and 2007, nearly half of all health care security incidents that occurred in the U.S. were associated with hospitals.
  • Between 2000 and 2007, 40 percent of publicly known security incidents at health care organizations are classified as data breaches
  • Although data breaches (hackers, malicious employees, social engineering, etc.) only constitute 40 percent of incidents, they account for 57 percent of all records compromised, nearly two and a half times the next closest category.
  • This again speaks to the need for strong policies and procedures. If organizations did not allow sensitive data to leave their facility without being encrypted (for electronic data) or disposed of properly (for physical data), it could eliminate nearly a quarter of the incidents they would face.
  • sandy ingram on 01 Nov 08
     
    Notifications can be delayed if law enforcement determines it could hinder a criminal investigation
  • sandy ingram on 01 Nov 08
     
    A new California law requiring that customers be notified of a breach involving their medical information is likely to influence legislation in other states.
sandy ingram

Cyber Spies Attack Contractors "Every Hour" - 0 views

www.thenewnewinternet.com/...-attack-contractors-every-hour

cybersecurity attack spies privacy security informaiton

shared by sandy ingram on 07 Apr 10 - Cached
  • “United States defense-related technologies and information are under attack: each day, every hour, and from multiple sources. The attack is pervasive, relentless, and unfortunately, at times successful,” writes Kathleen Watson, director of DSS. “As a result, the United States’ technical lead, competitive edge, and strategic military advantage are at risk; and our national security interests could be compromised.”
  • Attempts to gather intelligence information were traced to over half of the countries in the world. After East Asia and the Pacific, the Near East and Europe and Eurasia were of greatest counterintelligence concern. Despite their overall decline, “European and Eurasian cyber actors remain some of the most active targeters of United States technology.”
  • “Facilitated by ever increasing world wide connectivity, the ease of inundating industry with overt email requests and webpage submissions made direct requests a premier vehicle for solicitation and/or collection,” the report states. “While not all direct requests for information or services represent organized collection attempts, exploitation of this medium provides collectors an efficient, low-cost, high-gain opportunity to acquire classified or restricted information.”
  • sandy ingram on 07 Apr 10
     
    Defense contractors are under consistent attack by foreign intelligence services attempting to gather intelligence related information, according to a report by the Defense Security Service. Instances of cyber espionage place the U.S.'s competitive advantage, technical lead and military advantage at risk, as well as potentially compromising national security interests.
sandy ingram

Bill Gives DHS Lead on Fed IT Security Policy - 0 views

www.govinfosecurity.com/articles.php

dhs privacy security FISMA IT

shared by sandy ingram on 17 Aug 09 - Cached
  • The thinking behind shifting responsibility to DHS from OMB is that Homeland Security has the cybersecurity expertise whereas OMB's proficiency is budgeting. "Already, the Department of Homeland Security is the coordinating agency on cybersecurity," the staffer said. "Now, what you're doing is drastically strengthening the role of DHS by putting into law and then also, giving them the ability to say, with FISMA, approve or not to approve agencies plans, controls, frameworks, the way they secure their systems."
  • The bill also continues the role of the National Institute of Standards and Technology as the key government agency to develop IT security guidance, but leaves it to DHS the decision which guidance has priority.
  • sandy ingram on 17 Aug 09
     
    The responsibility to oversee information security among federal agencies would shift to DHS from the White House Office of Management and Budget under revisions of the measure, nicknamed U.S. ICE, that updates IT security guidance detailed in the seven-year-old Federal Information Security Management Act (FISMA), according to a senior cybersecurity staff member on the Senate Committee of Homeland Security and Government Affairs.
sandy ingram

Study Finds U.S. Small Businesses Lack Cybersecurity Awareness and Policies | Reuters - 0 views

www.reuters.com/...144244+27-Oct-2009+PRN20091027

privacy security Fraud employees Cybersecurity

shared by sandy ingram on 29 Oct 09 - Cached
  • Small business owners' cybersecurity policies and actions are not adequate enough to ensure the safety of their employees, intellectual property and customer data, according to the 2009 National Small Business Cybersecurity Study. The study, co-sponsored by the National Cyber Security Alliance (NCSA) and Symantec [Nasdaq: SYMC], as part of this year's National Cyber Security Awareness Month, surveyed nearly 1,500 small business owners across the United States about their cybersecurity awareness policies and practices.
  • The survey shows discrepancies between needs and actions regarding security policies and employee education on security best practices.
  • The study found that while more than 9 in 10 small businesses said they believe they are safe from malware and viruses based on the security practices they have in place, only 53 percent of firms check their computers on a weekly basis to ensure that anti-virus, anti-spyware, firewalls and operating systems are up-to-date and 11 percent never check them.
  • ...7 more annotations...
  • "The 20 million small businesses in the U.S. are a critical part of the nation's economy. While small business owners may understandably be focused on growing their business and the bottom line, it is imperative to understand that a cybersecurity incident can be disruptive and expensive,"
  • small businesses seem out of sync with some Internet security risks. 75 percent of small businesses said that they use the Internet to communicate with customers yet only 6 percent fear the loss of customer data and only 42 percent believe that their customers are concerned about the IT security of their business.
  • Laptops, PDAs and wireless networks are great conveniences to businesses, yet they carry with them an added responsibility to ensure the data is secure. Today, more than 66 percent of employees take computers or PDAs containing sensitive information off-site.
  • Wireless networks are gateways for hackers and cyber criminals and must be secured by complex passwords
  • "Security threats are becoming more complex and employees of small businesses are increasingly the target of attacks that expose their organizations to data loss,"
  • "Security awareness and education, combined with a comprehensive security solution, can empower small businesses and their employees to protect themselves and their information."
  • The demographic makeup of the small business polled
  • sandy ingram on 29 Oct 09
     
    "Small business owners' cybersecurity policies and actions are not adequate enough to ensure the safety of their employees, intellectual property and customer data, according to the 2009 National Small Business Cybersecurity Study. The study, co-sponsored by the National Cyber Security Alliance (NCSA) and Symantec [Nasdaq: SYMC], as part of this year's National Cyber Security Awareness Month, surveyed nearly 1,500 small business owners across the United States about their cybersecurity awareness policies and practices."
sandy ingram

Smaller companies challenged to comply with Massachusetts' data privacy rules - Mass Hi... - 0 views

www.masshightech.com/...usetts-data-privacy-rules.html

compliance Privacy Security Massachusetts proofpoint

shared by sandy ingram on 10 Nov 10 - No Cached
  • The regulations, which went into force in March, are intended to protect a consumer’s personal information from identity theft and other privacy breaches and to spell out steps that businesses must take to ensure data is secured. Some large companies — particularly those in the finance and health care industries that are already subject to data security laws like the Health Insurance Portability and Accountability Act (HIPAA) — had privacy measures in place, which helped get them ready for Massachusetts’ regulations. However, for many smaller and midsize companies that have not been subject to data security laws before, complying with the rules is a longer and often more painful process.
  • some businesses that are complying with privacy regulations for the first time and have limited in-house technology expertise “are running around with their hair on fire, trying to figure out what to do first,”
  • “We’ve seen a substantial uptick in activity in clients seeking guidance in how to comply,” said Carlos Perez-Albuerne, a partner at Choate Hall & Stewart LLP. “There’s a whole swath of businesses that never had to deal with anything like this before.”
  • ...4 more annotations...
  • Under the regulations, organizations — no matter where they are based — that store personal information about Massachusetts residents have to write security policies detailing how the data will be protected, encrypt the data when it is stored on laptops or other portable devices or transmitted over public networks, and monitor their systems for breaches.
  • Believed to be among the most stringent data privacy regulations in the U.S., the rules have lawmakers and businesses taking note. The regulations are now driving computer security policy agendas across the country, said Mark Schreiber, a partner at Edwards Angell Palmer & Dodge who chairs the firm’s privacy and data protection group. “The impact is much broader than we ever imagined. Who would have thought it would have catalyzed so much activity?” he said. “This will be with us for decades or longer.”
  • Since March, Cutugno Court Reporting and Sten-Tel Inc., a Springfield-based firm that provides document management and transcription systems, has spent “easily into the six-figure realm” on technology and consulting services to comply with the privacy regulations, said Blake Martin, the company’s CIO.
  • To date, state regulators have not yet taken any public enforcement actions against organizations that have failed to comply with the rules. The state attorney general’s office, which is charged with enforcing the regulations, and the Office of Consumer Affairs and Business Regulation, which developed the regulations, have been focusing on compliance efforts, reaching out to trade groups, bar associations and others to spread the word.
  • sandy ingram on 10 Nov 10
     
    "Eight months after the state's tough, new data privacy regulations went into effect, many businesses are still sorting through the rules and working to bring their firms into compliance. "
sandy ingram

Cloud Computing Guide For Small Business - 0 views

smallbiztrends.com/...cloud-computing-solutions.html

cloud guide small business compliance gartner

shared by sandy ingram on 09 Dec 10 - No Cached
  • 1. The growth of cloud computing is astounding. It is estimated that the worldwide cloud computing market is $8 billion with the U.S. market accounting for approximately 40% of that: $3.2 billion.  According to Gartner’s 2011 predictions, number one on their list of Top Strategic Technologies is Cloud Computing. Gartner also predicts that the SaaS market will hit $14 billion in 2013.
  • 2. Cloud Computing Software Solutions VS Desktop Applications The most common reason why small businesses choose cloud computing solutions over desktop applications is this: It is less expensive because you pay a small monthly amount instead of a one-time fee as it works now with traditional desktop software. On a cash-flow basis, it is less costly because your cloud based apps are often slightly less costly than an annual purchase or upgrade for common programs.  However, you have to look closely at the pricing plans and details for each application.
  • 3. Cloud Computing Solutions are available all the time – no matter where you are. For some business users that operate virtual offices or operate remotely on different machines depending on location and they need the application to be accessible from a web browser. That is one of the biggest advantages of cloud computing– it is available wherever you have access to a computer and browser.
  • ...3 more annotations...
  • When most small business owners or new software companies talk about cloud computing, they usually mean an application that runs from the web and not directly from your not-connected-to-the-Internet desktop (software as a service or SaaS).
  • Cloud computing software solutions, for our purposes here, mean software that has a low monthly fee rather than a one-time capital expenditure. Just about any business function you can think of has a cloud based solution, from phone services to marketing to operations to finance.
  • You may already be relying on cloud computing without even realizing it. Think about your email provider: Are they offering some sort of anti-spam protection? Or what about your anti-virus program? Are they constantly updating and securing your desktop application? They are delivering service from the cloud, without on-premise hardware and software.  This is a great example of how SaaS has infiltrated our work and software installations without us thinking about it.
  • sandy ingram on 09 Dec 10
     
    "In this guide, we suggest 16 things you should consider before deciding whether cloud computing is a good match for your business. Read more about how small businesses use cloud computing."
sandy ingram

CERT's Podcast Series - 0 views

www.cert.org/...20090120pethia.html

Cert podcast

shared by sandy ingram on 12 Feb 09 - Cached
sandy ingram liked it
  • sandy ingram on 12 Feb 09
     
    CERT'S PODCASTS: SECURITY FOR BUSINESS LEADERS: SHOW NOTES Tackling Tough Challenges: Insights from CERT's Director Rich Pethia Key Message: Rich Pethia reflects on CERT's 20-year history and discusses how he is positioning the program to tackle future IT and security challenges. Executive Summary CERT's vision is a securely connected world. CERT's mission is to enable informed trust and confidence in the use of information technology. To achieve this vision and mission, CERT has broadened its perspective to include the full system/software engineering and operations life cycle and is reaching out to thought leaders in the global IT and security community. In this podcast, Rich Pethia, director of the CERT Program at Carnegie Mellon University's Software Engineering Institute, discusses the past, current, and future state of Internet security and CERT's role in tackling future challenges as CERT celebrates its 20th anniversary. PART 1: LOOKING BACK, LOOKING FORWARD: THE GOOD, THE BAD, AND THE UGLY CERT's Vantage Point CERT's vision is a securely connected world, supported by CERT's mission of enabling informed trust and confidence in the use of information technology. As the director of CERT, Pethia has unique access to government, commercial, and industry leaders. The Good News Internet use continues to grow, not just in size (number of people, volume of traffic) but also in utility, for example: * the increasing amount of real government and business operations * the introduction of new applications * the growing use of new mobile appliances User awareness of the need to address security is increasing along with increasing attention from service providers (firewalls, virus protection, anti-spyware, data backup). Developers are paying more attention to building security into their products. Vendors have more mature processes for providing cost-effective, timely updates for software vulnerabilities. Users are more willing
sandy ingram

Innovations in software, engineering, pharmaceuticals and other fields are being stolen... - 0 views

www.whitehouse.gov/...homeland_security

homeland Obama cybersecurity

shared by sandy ingram on 20 Mar 09 - Cached
  • The first responsibility of any president is to protect the American people. President Barack Obama will provide the leadership and strategies to strengthen our security at home.
  • Barack Obama and Joe Biden's strategy for securing the homeland against 21st century threats is focused on preventing terrorist attacks on our homeland, preparing and planning for emergencies and investing in strong response and recovery capabilities. Obama and Biden will strengthen our homeland against all hazards
  • Protect Our Information Networks
  • ...9 more annotations...
  • Barack Obama and Joe Biden -- working with private industry, the research community and our citizens -- will lead an effort to build a trustworthy and accountable cyber infrastructure that is resilient, protects America's competitive advantage, and advances our national and homeland security.
  • Strengthen Federal Leadership on Cyber Security
  • ensure that the federal government works with states, localities, and the private sector as a true partner in prevention, mitigation, and response.
  • Work with the private sector to establish tough new standards for cyber security and physical resilience.
  • Work with industry to develop the systems necessary to protect our nation's trade secrets and our research and development
  • Mandate Standards for Securing Personal Data and Require Companies to Disclose Personal Information Data Breaches:
  • Prepare Effective Emergency Response Plans:
  • Working with State and Local Governments and the Private Sector:
  • Create a National Infrastructure Protection Plan:
  • sandy ingram on 20 Mar 09
     
    The first responsibility of any president is to protect the American people. President Barack Obama will provide the leadership and strategies to strengthen our security at home.
sandy ingram

Privacy is good for business - CEO Forum Group - 0 views

www.ceoforum.com.au/article-detail.cfm

ceo cpo

shared by sandy ingram on 20 Nov 08 - Cached
  • "There are thousands of privacy professionals now, in the U.S. and Europe and Asia. Most of the Fortune 100 have a privacy officer or some sort of equivalent".
  • "Now imagine", Pearson says, "the first few times an insurance company or a university sends out a letter saying, 'excuse me, but we were hacked and we don't know what happened exactly, we don't know what happened to your data, but we are required by law to notify you that something might have happened'. That's not a pleasant situation to be in".
  • But privacy concerns impact more than just the bottom line; they affect multiple areas of an organisation, from legal liabilities to PR efforts to CRM and employee retention. A well-designed, well-implemented policy can help a company in all of these areas, on both the tactical and the strategic levels.
  • ...2 more annotations...
  • Security and privacy are not simply IT challenges—they need to be addressed as strategic issues, at the highest levels of the organisation.
  • Ultimately, however, it is organisational policies, not technology, that are most important to enforcing privacy.
sandy ingram

Data Security Breaches Cost Real Money - 0 views

www.mondaq.com/...article.asp

it data security breach cost privacy Information Assurance Poneman

shared by sandy ingram on 08 Apr 10 - Cached
  • PGP Corporation, an enterprise data protection company, and the Poneman Institute, a privacy and information management research firm, as part of their fifth annual U.S. Cost of a Data Breach Study, tracked a wide array of cost elements
  • These elements included outlays for detection, escalation, notification, and response along with legal, investigative and administrative expenses, customer defections, opportunity loss, reputation management, and costs related to customer support like information hotlines and credit monitoring subscriptions
  • data breaches caused by malicious attacks and botnets were on the high end of severity and cost responses. These types of breaches doubled from 2008 to 2009.
  • ...5 more annotations...
  • data breaches involving data outsourced to third-parties, especially those offshore, remain very costly.
  • The study shows that companies are spending more on legal defense costs in the area of data security breaches
  • Furthermore, companies that have a Chief Information Security Officer (CISO) or equivalent high-level security/privacy leader in place who manages data security breach incidents experienced a 50% less per cost of compromised record than companies that do not have such leadership.
  • Somewhat surprisingly, the study indicates that companies that notify victims of data breaches too quickly may incur about 12% higher response costs. The study suggests that moving too quickly through the data breach process could cause inefficiencies that raise total costs
  • companies that engage outside expertise to assist them during a data breach incident tended to have a lower $170 cost per victim than companies that do not seek outside help at $231 per victim.
  • sandy ingram on 08 Apr 10
     
    study shows that companies are spending more on legal defense costs in the area of data security breaches. This has been attributed to fears of potential class actions, and other lawsuits resulting from consumer and employee data loss. In fact, companies that engage outside expertise to assist them during a data breach incident tended to have a lower $170 cost per victim than companies that do not seek outside help at $231 per victim.
sandy ingram

Targeting U.S. Technologies - 0 views

dssa.dss.mil/2009

privacy security cybersecurity Fraud

shared by sandy ingram on 07 Apr 10 - Cached
  • United States defense-related technologies and information are under attack: each day, every hour, and from multiple sources. The attack is pervasive, relentless, and unfortunately, at times successful
  • Defense contractors with access to classified material are required to identify and report suspicious contacts and potential collection attempts as mandated in the National Industrial Security Program Operating Manual (NISPOM)
  • DSS encourages all Facility Security Officers to use the information in this report to supplement security awareness and education programs at their facilities.
  • sandy ingram on 07 Apr 10
     
    United States defense-related technologies and information are under attack: each day, every hour, and from multiple sources. The attack is pervasive, relentless, and unfortunately, at times successful. As a result, the United States' technical lead, competitive edge, and strategic military advantage are at risk; and our national security interests could be compromised. Defeating this attack requires knowledge of the threat and diligence on the part of all personnel charged with protecting classified information, to deter or neutralize its effect. The Defense Security Service (DSS) works with defense industry to protect critical technologies and information. Defense contractors with access to classified material are required to identify and report suspicious contacts and potential collection attempts as mandated in the National Industrial Security Program Operating Manual (NISPOM). DSS publishes this annual report based on an analysis of suspicious contact reports (SCRs) that DSS considers indicative of efforts to target defense-related information.
sandy ingram

City and County of San Francisco Adopts Microsoft Cloud Solution: This solution will he... - 0 views

www.microsoft.com/...05-18sfcloudpr.mspx

Privacy security cloud microsoft clients

shared by sandy ingram on 20 May 11 - No Cached
  • “The City and County of San Francisco has always been forward-thinking in leveraging technology to improve the services it provides,” said Gail Thomas Flynn, vice president of U.S. State and Local Government at Microsoft Corp. “We are excited at the opportunity to equip and support the employees of San Francisco with the tools they need to better serve the people of San Francisco.”
  • Several competing solutions were examined based on criteria that included price, security, functionality, flexibility, SLA-backed service, proven record for support, and integration with existing infrastructure and tools.
  • “By moving to the Microsoft platform, we not only get immediate improvements to our system, but we gain a disaster-resilient system that provides the most modern information tools, with solid support provisions that can scale with the needs of our constituents,” San Francisco Chief Information Officer Jon Walton said.
  • sandy ingram on 20 May 11
     
    "SAN FRANCISCO - May 18, 2011 - The City and County of San Francisco today announced that it will upgrade and consolidate its multiple citywide email systems used by more than 23,000 employees as part of its ongoing efforts to improve the quality and efficiency of its services and reduce IT management costs. "A key part of serving a community as diverse and vibrant as ours starts with making the right investments in information technology," San Francisco Mayor Edwin M. Lee said. "It is our responsibility to make decisions that are fiscally responsible, forward-looking, and improve the services that city and county employees provide to our constituents.""
sandy ingram

Cloud Concerns "Unfounded and Ridiculous" Former U.S. Chief Information Officer Vivek K... - 0 views

www.nytimes.com/...-budget-look-to-the-cloud.html

Cloud Computing security Privacy compliance Best Practice

shared by sandy ingram on 01 Sep 11 - No Cached
  • sandy ingram on 01 Sep 11
     
    When I joined the Obama administration as the chief information officer, we quickly discovered vast inefficiencies in the $80 billion federal I.T. budget. We also saw an opportunity to increase productivity and save costs by embracing the "cloud computing"
1 - 20 of 23 Next ›
Showing 20 items per page