Skip to main content

Home/ WPPS C-Suite News/ Group items tagged account

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
sandy ingram

For Small Businesses, Account Fraud Adds Up - 0 views

blogs.forbes.com/...sinesses-account-fraud-adds-up

cybersecurity Fraud privacy security smallbiz

shared by sandy ingram on 14 Apr 10 - Cached
  • Now, in a survey of more than 600 small business owners and executives, the Ponemon Institute has tried to put a number on the cost of credit card account fraud for those vulnerable targets, comparing the damage with the cost of physical theft by employees or burglars. The result: While identity theft takes less from businesses per incident than either robberies or crooked employees, it hits them often enough that it's an equally costly or even costlier problem. According to Ponemon's study, the median account fraud incident costs a business $5,136. That's much less than the $9,913 the respondents attributed to the median cost of a burglary or $17,517, the cost they attributed to an employee theft case. But take the frequency of those incidents into account, and the pain adds up. About 86% of businesses have suffered from account fraud, more than the 77% who have been robbed or the 63% whose employees have stolen from them. And among those victims, most businesses experience employee theft either once (32%) or zero times a year (41%). Robberies are less costly but more frequent: Most businesses report them either once (29%) or between two and five times a year (38%). Account fraud is far more frequent: 45% of businesses have been digitally defrauded two to five times in the last year, and 38% have been defrauded more than five times.
  • sandy ingram on 14 Apr 10
     
    Small businesses, by contrast, don't always share those protections. And that means they often feel the full brunt of cybercrime
sandy ingram

Courts Says Employer's Lawsuit Against Ex-Employee Over Retention and Use of Twitter Ac... - 0 views

blog.ericgoldman.org/...california_cour.htm

Best Practice employees social media account

shared by sandy ingram on 10 Nov 11 - No Cached
  • The takeaway is to have a written agreement that governs this issue!
  • PhoneDog said it suffered $340,000 in damages. The account had 17,000 followers, "which according to industry standards, are each valued at $2.50."
sandy ingram

How a Pas5woRd Can Sink Your Company - NYTimes.com - 0 views

boss.blogs.nytimes.com/...pas5word-can-sink-your-company

Privacy Security password Best Practice

shared by sandy ingram on 28 Nov 10 - No Cached
  • Back in the 1990s fellow science and technology journalist Charles Mann and I wrote a book uncovering the true story of how a lone, young, cognitively impaired hacker with relatively few computer skills managed to perpetrate what was then the most extensive and scariest series of computer break-ins ever — government weapons labs, dam control systems and ATM networks were among the hundreds of networks compromised. At the end of the book, we predicted that no matter how much effort was poured into making the Internet safer, hackers would always be able to have a field day, partly for technical reasons but also because companies and individuals would never get it together to take simple precautions critical to safe computing.
  • Sadly, Mann and I called it right. Viruses, trojans and spyware are bigger problems than ever. Employees unwittingly but routinely hand over their passwords to hackers who break into corporate databases to steal credit card and other information of thousands of customers. Private e-mail is rifled through and made public, and companies have their computers incapacitated by “denial of service” attacks. You need to ask yourself: Could your company survive an encounter with a hacker?
  • Don’t count on even the best security software or services to protect you —
  • ...8 more annotations...
  • they’re always one step behind the latest hacking twist sweeping through networks. Even if you could afford to get a computer-security genius to come in and watch your company’s back 24 hours a day, he or she couldn’t fully protect you if you or any one of your employees were to slip up.
  • Everyone knows by now, I would think, that you shouldn’t use a password that’s easy to guess.  Hackers use automated programs that can find any password if it’s a word in the dictionary or a proper name, even if it’s spelled backwards.
  • But here’s the problem even tricky password users run into: Because we all need passwords for so many Web sites and accounts these days, people end up using the same password for many of them — or else write their passwords down somewhere. Both of these practices are disasters waiting to happen.
  • If you use the same password for many sites, all a hacker has to do is get your password at any one site — and some site out there somewhere is doing a lousy job of protecting your password — and he’s got it for all of your sites and accounts. So if a hacker or malicious employee at the place you buy shoelaces online lifts your password, he can get into your bank account and your company’s computers.
  • Here’s a better solution: Come up with a simple formula for generating passwords in your head that’s based on the name of the site or organization you’re signing up with. For example, you might take the name of the site (tractortires.com), drop everything but the first six characters to the left of the “dot” (tracto), reverse the first three letters (artcto), add the number “5″ after the third character and a capital “Z” at the end (art5ctoZ). By this formula, “plan9movie.net” gets the password “alp5n9mZ,” and “cellphone.org” yields “lec5lphZ.”
  • Make up your own formula, and don’t share it with anyone. It may sound a bit complicated, but after doing it a few times you’ll be able to do it in your sleep, and you’ll have a unique, impossible-to-guess password for every one of your accounts and sites without having to write anything down.
  • Every single one of your employees has to get with the program on this. If they’re writing passwords down, or using the same password everywhere, then they’re not just risking getting hacked at other sites, they’re also inviting hackers into any of your company’s computers or accounts to which they have password access.
  • So you might want to teach everyone in your company how to come up with his or her own in-your-head password-generating formula.
  • sandy ingram on 28 Nov 10
     
    "Back in the 1990s fellow science and technology journalist Charles Mann and I wrote a book uncovering the true story of how a lone, young, cognitively impaired hacker with relatively few computer skills managed to perpetrate what was then the most extensive and scariest series of computer break-ins ever - government weapons labs, dam control systems and ATM networks were among the hundreds of networks compromised. At the end of the book, we predicted that no matter how much effort was poured into making the Internet safer, hackers would always be able to have a field day, partly for technical reasons but also because companies and individuals would never get it together to take simple precautions critical to safe computing."
sandy ingram

Organizational Accountability is Key to Protecting Users' Privacy - Microsoft Privacy &... - 0 views

blogs.technet.com/...-protecting-users-privacy.aspx

Security Privacy compliance policy Best Practice

shared by sandy ingram on 18 Nov 10 - No Cached
  • The conference has commenced this morning in Jerusalem, a city of both ancient traditions and thoroughly modern influences, and I was reminded of how that same dynamic is true of privacy in the Internet age.  Yesterday marked the 30th anniversary of the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.  These privacy guidelines have served as the basis for numerous privacy laws in place across the globe.  Yet, even these privacy principles need to keep pace with the changing information environment.  In my remarks today at a panel discussion titled “Notice and Consent:  Illusion or Reality?”, I suggested that individual participation through mediums such as notice and consent remains important to safeguarding users’ privacy, but by itself does not afford enough protection.  This is particularly true given the explosion of information collection and use that is the fuel of today’s Internet economy. The same is true of the various legal frameworks that govern data collection, usage, and sharing.  Both are important, but neither is sufficient on its own.
  • Alongside individual participation and regulatory oversight, another vital aspect of privacy protection is often overlooked: the role and responsibility of the organization in maintaining and protecting personal data.
  • Microsoft’s view, as outlined in a new white paper released today at the conference, is that organizations’ privacy policies and data management practices most directly influence whether users’ personal information is kept safe or exposed to risk. Therefore, we believe that organizations—including Microsoft—must hold themselves accountable for acting to protect users’ interests and taking appropriate measures to safeguard privacy and personal data, even in the absence of specific regulatory mandates.
  • sandy ingram on 18 Nov 10
     
    "This week, more than 400 policymakers, privacy advocates and industry representatives will be converging in Israel for the 32nd International Conference of Data Protection and Privacy Commissioners. "
sandy ingram

Complex Global Risks, Boardroom Demands to Challenge Risk Managers in 2010: Marsh | EON... - 0 views

eon.businesswire.com/...permalink

risks security privacy Compliance

shared by sandy ingram on 02 Jun 10 - Cached
  • “With the ever-increasing complexity of global exposures, successful risk management today depends on timely information, regulatory awareness, and thoughtful anticipation of the range of local and global scenarios,”
  • sandy ingram on 02 Jun 10
     
    Global risk managers are challenged by new boardroom demands of insurer security, balance sheet transparency, and heightened accountability.
sandy ingram

FTC Extends Enforcement Deadline for Identity Theft Red Flags Rule - 0 views

www.ftc.gov/...redflags.shtm

identity theft ftc extends Red Flags Rule Legal compliance information security

shared by sandy ingram on 21 Oct 10 - Cached
  • “Congress needs to fix the unintended consequences of the legislation establishing the Red Flags Rule – and to fix this problem quickly.
  • The Rule was developed under the Fair and Accurate Credit Transactions Act, in which Congress directed the FTC and other agencies to develop regulations requiring “creditors” and “financial institutions” to address the risk of identity theft.
  • The resulting Red Flags Rule requires all such entities that have “covered accounts” to develop and implement written identity theft prevention programs to help identify, detect, and respond to patterns, practices, or specific activities – known as “red flags” – that could indicate identity theft.
  • ...3 more annotations...
  • The Rule became effective on January 1, 2008, with full compliance for all covered entities originally required by November 1, 2008.
  • Today’s announcement and the release of an Enforcement Policy Statement do not affect other federal agencies’ enforcement of the original November 1, 2008 deadline for institutions subject to their oversight to be in compliance.
  • If Congress passes legislation limiting the scope of the Red Flags Rule with an effective date earlier than December 31, 2010, the Commission will begin enforcement as of that effective date.
  • sandy ingram on 21 Oct 10
     
    FTC Extends Enforcement Deadline for Identity Theft Red Flags Rule At the request of several Members of Congress, the Federal Trade Commission is further delaying enforcement of the "Red Flags" Rule through December 31, 2010, while Congress considers legislation that would affect the scope of entities covered by the Rule. Today's announcement and the release of an Enforcement Policy Statement do not affect other federal agencies' enforcement of the original November 1, 2008 deadline for institutions subject to their oversight to be in compliance. "Congress needs to fix the unintended consequences of the legislation establishing the Red Flags Rule - and to fix this problem quickly. We appreciate the efforts of Congressmen Barney Frank and John Adler for getting a clarifying measure passed in the House, and hope action in the Senate will be swift," FTC Chairman Jon Leibowitz said. "As an agency we're charged with enforcing the law, and endless extensions delay enforcement." The Rule was developed under the Fair and Accurate Credit Transactions Act, in which Congress directed the FTC and other agencies to develop regulations requiring "creditors" and "financial institutions" to address the risk of identity theft. The resulting Red Flags Rule requires all such entities that have "covered accounts" to develop and implement written identity theft prevention programs to help identify, detect, and respond to patterns, practices, or specific activities - known as "red flags" - that could indicate identity theft. The Rule became effective on January 1, 2008, with full compliance for all covered entities originally required by November 1, 2008. The Commission has issued several Enforcement Policies delaying enforcement of the Rule. Most recently, the Commission announced in October 2009 that at the request of certain Members of Congress, it was delaying enforcement of the Rule until June 1, 2010, to allow Congress time to finalize leg
sandy ingram

Nation's toughest personal info law about to take effect -- Government Computer News - 0 views

gcn.com/...-law-personal-information.aspx

Breach Law WISP pii security MA Laws

shared by sandy ingram on 30 Jan 10 - Cached
  • Businesses that hold personally identifiable information on Massachusetts residents have one month to comply with what security experts are calling the toughest data security requirements in the nation. The Massachusetts Data Breach Law, passed in 2007, goes into effect March 1 and requires personal information in networked systems to be protected with strong encryption, firewalls, antivirus and access controls.
  • The law was written in response to the theft of information on more than 45 million credit card accounts from TJX Companies in 2007
  • The law is designed to ensure “the security and confidentiality of customer information,” based on current industry standards, focusing on threats that can or should be anticipated. The regulations take into account the size of a business, the amount of resources available to it, the amount of personal data held and the sensitivity of the data. It covers paper and electronic records and requires physical and IT security.
  • ...1 more annotation...
  • written information security plan (WISP). “Ninety percent of the clients I deal with on this law do not have a WISP.”
  • sandy ingram on 30 Jan 10
     
    "Businesses that hold personally identifiable information on Massachusetts residents have one month to comply with what security experts are calling the toughest data security requirements in the nation. The Massachusetts Data Breach Law , passed in 2007, goes into effect March 1 and requires personal information in networked systems to be protected with strong encryption, firewalls, antivirus and access controls."
sandy ingram

Protect your business from the cybercrime wave - USATODAY.com - 0 views

www.usatoday.com/...2010-04-18-cyber-threats_N.htm

security privacy cybersecurity Fraud CEO

shared by sandy ingram on 19 Apr 10 - No Cached
  • According to Conner, cybercrooks are now targeting small business: "We are in an arms race with sophisticated, high tech enemies who are now concentrating on smaller business bank accounts in addition to their continued efforts to steal from large corporations." To combat the risk, Conner suggests that small businesses employ a "triple threat" security package that would include
  • According to Brian Krebs, a journalist who has covered this issue extensively, "Most companies that get hit with this type of fraud quickly figure out that their banks are under no legal obligation to reimburse them."
  • So how does this type of fraud occur, and what can you do to protect yourself? Typically, the bad guys are able to plant malware on the victim's computer and then use that to access the company's online banking profile. They then use that information to transfer huge sums of money out of the targeted accounts.
  • ...1 more annotation...
  • unlike consumers, small businesses do not get the same protections afforded consumers who are the victim of online fraud. If your credit card is stolen, and you report it promptly, your out-of-pocket loss is capped at $50.
  • sandy ingram on 19 Apr 10
     
    small businesses do not get the same protections afforded consumers who are the victim of online fraud.
sandy ingram

Small Companies Look to #Cloud for Savings in 2011 - WSJ.com - 0 views

online.wsj.com/...3513204576047972349898048.html

Privacy security compliance cloud Best Practice

shared by sandy ingram on 30 Dec 10 - No Cached
  • As of April 2010, only about 7% of small-business owners were using cloud services, but that number is expected to grow to more than 10% by mid-2011, according to a survey by technology-research firm IDC.
  • Half of small firms that use "the cloud" say it has improved their bottom line, according to a survey this fall by Microsoft Corp., which provides cloud services.
  • A number of surveys show that some business owners are hesitant to try cloud computing because they don't want to stray from familiar systems or invest in new ones. Some owners that have made the switch, however, say it has been a boon to their cash-strapped firms.
  • ...6 more annotations...
  • Garey Willbanks, owner of Boiler Management Ltd. in Houston, says he pays about $600 a month to store information in the cloud. He estimates that is less than a tenth of what he would pay if he hired technology personnel to run an in-house storage server.
  • In June, Michael Tracy, a private law practitioner in Irvine, Calif., decided to try Nextpoint, a cloud-based program for attorneys. He had previously spent $10,000 to $12,000 a year licensing software that would organize materials before a trial. The problem was he needed it just a few times a year. By contrast, Mr. Tracy pays for Nextpoint only when he uses it, and he anticipates spending just $4,000 to $6,000 a year on the service.
  • "If you already have tight control over your company, your expenses may drop 10% to 20%,"
  • Despite the savings, there are risks. Security breaches, for instance, can happen if the cloud provider isn't reliable. "If they make money directly from you, then they will want to secure [your information]," Mr. Enderle says. "If they make it through advertising," they may be more likely to sell the information to advertisers, he says.
  • Others fear that they might lose their information, or have to spend a lot of time transferring data, if they want out.
  • "So make sure it's the right provider and that you're ready to be in it for the long haul."
  • sandy ingram on 30 Dec 10
     
    "A growing number of small-business owners are expected to try cloud computing services next year, hoping to trim costs and stay up and running if disaster strikes. Cloud computing refers to any service that operates over an Internet connection, allowing immediate access from any computer or mobile device with Web access. Business owners can access software or store information-such as customer contacts, accounting data and presentations-and leave the technical maintenance to the cloud provider. "
sandy ingram

Infosecurity (USA) - Passwords becoming risky form of enterprise authentication - 0 views

www.infosecurity-us.com/...m-of-enterprise-authentication

compliance security infosecurity passwords Best Practice

shared by sandy ingram on 04 Feb 11 - No Cached
  • “The fact that passwords remain the cornerstone of enterprise authentication represents a significant and increasing risk. The vulnerability of password-based authentication is widely recognized: From the earliest phishing attacks to the most sophisticated spyware, passwords still represent one of the most common methods hackers target and use to access corporate systems and sensitive data”, the study observed.The way to reduce the costs of lost passwords and the increased vulnerability of similar user passwords is through the use of strong multi-factor authentication, explained Chatterjee. For example, two-factor authentication involves the use of something the user remembers, such as a password, and something the user has, like a token.
  • This approach increases security because a hacker needs both to gain access to a system or account; figuring out the password is not enough. It also reduces the need for users to have multiple, complex passwords. The system's two factors provide the complexity from a security point of view, he explained. Chatterjee used the example of a bank ATM card, which requires the use of the card along with the password for the user to gain access to his or her account.
  • With the two-factor authentication, users do not need to have complex passwords that change frequently. This reduces the burden on the employees as well as on the help desk, he noted.
  • sandy ingram on 04 Feb 11
     
    "30% to 50% of help desk calls relate to forgotten passwords"
sandy ingram

Managing Cloud Risks - Forbes - 0 views

www.forbes.com/...managing-cloud-risks

security privacy compliance Best Practice cybersecurity cloud GRC

shared by sandy ingram on 27 Oct 11 - No Cached
  • SLAs and the “Right to Audit” Clause When you move your data to the cloud, you must consider the risk to your brand should a breach occur. You need to ensure that any Service Level Agreements (SLAs) you have in place protect it. SLAs should address any and all risks to your data while it lives in the cloud. 
  • sandy ingram on 27 Oct 11
     
    Vendor Risk Management and Cloud Security Standards Another important consideration when mapping out your cloud GRC strategy is to ensure your vendor risk management program accounts for the new risks that come with moving to the cloud.
sandy ingram

How long can CISO's avoid Cloud Computing? | CISO - 0 views

ciso.in/...567

security Privacy compliance Best Practice cloud computing workplace ipad tablets windows

shared by sandy ingram on 23 Feb 12 - No Cached
  • Network & Systems delivering the cloud service How does the authentication to access the network devices and operating system implemented? Does it use any two factor authentication? About the availability of the network and security infrastructure? does it implement load balancing or high availability solutions for the critical infrastructure components like firewalls, IPS, reverse proxies etc… Is the underlying cloud systems are secured? Do they have a baseline configuration implemented? How does the configuration managed? Does the cloud computing provider got a plan and/or policy to perform configuration management, patch management, anti-malware etc. Does the network undergoes periodic penetration testing? Does it undergo internal vulnerability assessment periodically? How is it ensuring that a compromised client with privileged access to the operating system is separated internally? Does it undergo periodic audits against standards like ISO27001, SAS70 etc? How is the customer data separated from one another? What are the security controls implemented to ensure this separation? What are the protection and response controls against the Denial of Service attacks?
  • Cloud Applications & Data Protection What are the security controls in the application development process? Does it include security code reviews of the code being developed or used? Is there a documented change and configuration management process? How does the application servers patched and what frequency? What are the mechanisms for managing the access control? How is the database protected from unauthorized access? How are they identifying the access reset requests are from the actual user. How do they create and delete/disable user accounts? what are the procedures for these activities. IS the data encrypted? If encrypted, how is the encryption keys are protected? What is key management process being followed? How is the data loss prevention ensured? Details of the DLP controls implemented? Is there a backup mechanism established? How is the data protected in the backups? Does the cloud service provider meets the regulatory requirements? For example, if the service is a ecommerce service then the cloud service could become part of the card holder environment and thus the PCI DSS regulation as there are potential card data being processed. Similarly, if the health information is processed, it can be HIPAA and similar other regulations. Is the cloud computing service provider meets the compliance requirements? Where is your data being hosted? Is it within your country or its jurisdiction? Is your organization comfortable with the legal system in the country where your data resides? How about cloud computing service provider who has a network of data centres across the globe and your data is scattered across these data centres? Can it limit the countries where the data is stored?
  • What are the conditions / scenarios where the data is revealed without the consent / approval of the organization? Does the application provide enough audit trials to review the incidents? Does it corporate with local legal system? Often the local law authorities require access to the processing computers, how is it support those requests?
  • ...1 more annotation...
  • Security Management What are the information security management policies and procedures implemented and documented? Are all employees required to undergo the security awareness training and acknowledge their acceptance to the policies and procedures at least annually? Is the cloud computing service provider has a dedicated information security professional? What are the network security capabilities established by the service provider? Are these personal technical qualified and certified? How is the insider threats within the cloud service provider being addressed? What is the background verification process being followed by the cloud service provider? Is there a privileged activity monitoring of systems and databases? How is the security incidents and violations are handled? Does it have a documented policy? How is the log integrity ensured? What are the mechanisms implemented to ensure that the logs cannot be altered and / or stopped. How long the logs are kept online and on the backup? What are the business continuity and disaster recovery capabilities of the cloud service provider? Many organization look at cloud as a BCM solution. Does the underlying cloud service provider is capable of delivering a BCM aware cloud service?
sandy ingram

FTC Delays Enforcement of Red Flags Rule Fifth Time at the request of Congress - 0 views

www.hipaa.com/...-ftc-red-flags-rule-fifth-time

compliance FTC Red Flags Rule

shared by sandy ingram on 17 Sep 10 - No Cached
  • “The Commission urges Congress to act quickly to pass legislation that will resolve any questions as to which entities are covered by the Rule and obviate the need for further enforcement delays.  If Congress passes legislation limiting the scope of the Red Flags Rule with an effective date earlier than December 31, 2010, the Commission will begin enforcement as of that effective date.”
  • The issue regarding the delays in FTC enforcement relates to “scope of entities covered by the Rule,” as indicated in the FTC news release.  Congress is taking action[2]:
  • “House lawmakers in October [2009] passed H.R. 3763[3], which would exclude from the Red Flags guidelines meaning of ‘creditor’ any healthcare, accounting, or legal practice with 20 or fewer employees, as well as any other business which the FTC determines knows all its customers or clients individually; only performs services in or around the residences of its customers; or hasn’t experienced incidents of ID theft, and identity theft is rare for businesses of that type.  An identical bill, S.3416 was introduced in the Senate on May 25 [2010].” A lawsuit was filed in federal court on May 21, 2010, to accomplish a similar objective of narrowing scope of entities covered by the Rule. 
  • sandy ingram on 17 Sep 10
     
    "At the request of several Members of Congress, the Federal Trade Commission is further delaying enforcement of the 'Red Flags' Rule through December 31, 2010, while Congress considers legislation that would affect the scope of entities covered by the Rule.  Today's announcement and the release of an Enforcement Policy Statement do not affect other federal agencies' enforcement of the original November 1, 2008 deadline for institutions subject to their oversight to be in compliance….
sandy ingram

Smaller companies challenged to comply with Massachusetts' data privacy rules - Mass Hi... - 0 views

www.masshightech.com/...usetts-data-privacy-rules.html

compliance Privacy Security Massachusetts proofpoint

shared by sandy ingram on 10 Nov 10 - No Cached
  • The regulations, which went into force in March, are intended to protect a consumer’s personal information from identity theft and other privacy breaches and to spell out steps that businesses must take to ensure data is secured. Some large companies — particularly those in the finance and health care industries that are already subject to data security laws like the Health Insurance Portability and Accountability Act (HIPAA) — had privacy measures in place, which helped get them ready for Massachusetts’ regulations. However, for many smaller and midsize companies that have not been subject to data security laws before, complying with the rules is a longer and often more painful process.
  • some businesses that are complying with privacy regulations for the first time and have limited in-house technology expertise “are running around with their hair on fire, trying to figure out what to do first,”
  • “We’ve seen a substantial uptick in activity in clients seeking guidance in how to comply,” said Carlos Perez-Albuerne, a partner at Choate Hall & Stewart LLP. “There’s a whole swath of businesses that never had to deal with anything like this before.”
  • ...4 more annotations...
  • Under the regulations, organizations — no matter where they are based — that store personal information about Massachusetts residents have to write security policies detailing how the data will be protected, encrypt the data when it is stored on laptops or other portable devices or transmitted over public networks, and monitor their systems for breaches.
  • Believed to be among the most stringent data privacy regulations in the U.S., the rules have lawmakers and businesses taking note. The regulations are now driving computer security policy agendas across the country, said Mark Schreiber, a partner at Edwards Angell Palmer & Dodge who chairs the firm’s privacy and data protection group. “The impact is much broader than we ever imagined. Who would have thought it would have catalyzed so much activity?” he said. “This will be with us for decades or longer.”
  • Since March, Cutugno Court Reporting and Sten-Tel Inc., a Springfield-based firm that provides document management and transcription systems, has spent “easily into the six-figure realm” on technology and consulting services to comply with the privacy regulations, said Blake Martin, the company’s CIO.
  • To date, state regulators have not yet taken any public enforcement actions against organizations that have failed to comply with the rules. The state attorney general’s office, which is charged with enforcing the regulations, and the Office of Consumer Affairs and Business Regulation, which developed the regulations, have been focusing on compliance efforts, reaching out to trade groups, bar associations and others to spread the word.
  • sandy ingram on 10 Nov 10
     
    "Eight months after the state's tough, new data privacy regulations went into effect, many businesses are still sorting through the rules and working to bring their firms into compliance. "
sandy ingram

The Cloud's Green Advantage - Forbes.com - 0 views

www.forbes.com/...terprise-technology-cloud.html

Privacy Security cloud microsoft

shared by sandy ingram on 17 Nov 10 - No Cached
  • When small organizations (100 users) move to the cloud, the effective carbon footprint reduction could be up to a 90% savings by using a shared cloud environment instead of their own local servers
  • For large corporations, the savings are typically 30% or more. In a case study with a large consumer-goods company, the team calculated that 32% of energy use and resulting carbon emissions could be saved by moving 50,000 e-mail users in North America and Europe to Microsoft's equivalent cloud offering.
  • What accounts for these significant energy savings? Think of cloud computing as being like mass transit. The data center is essentially getting computing applications to carpool or take the bus instead of sitting in their own individual servers. However, unlike mass transit, there is no sacrifice in convenience or performance with this move. Consider the disappointing fact that a typical server in a company often runs at about 10% of capacity, meaning there are lots of servers out there drawing power without doing much computing
  • ...3 more annotations...
  • The economies of scale of cloud data centers allow much higher utilization of servers, dynamic provisioning to better match server capacity to demand, and multi-tenancy to serve thousands of organizations with one set of shared infrastructure.
  • The efficiency benefits of the cloud won't be realized unless customers are thoughtful about decommissioning or repurposing unused servers, and cloud providers like Microsoft continue to innovate in the name of greater and greater efficiency.
  • For companies with their own large-scale infrastructure, this study identifies the key drivers that will let them optimize for the greatest efficiency as well.
  • sandy ingram on 17 Nov 10
     
    "In his piece, "Cloud Computing Meets Energy Management," William Clifford makes important points about the need to optimize the efficiency of both cloud data centers and on-premise computing. However, a new study released this week challenges his assertion that cloud computing "just transfers the consumption problem to another location." The findings suggest instead that cloud computing can significantly reduce the overall net energy use of business computing needs."
sandy ingram

Cloud Computing Guide For Small Business - 0 views

smallbiztrends.com/...cloud-computing-solutions.html

cloud guide small business compliance gartner

shared by sandy ingram on 09 Dec 10 - No Cached
  • 1. The growth of cloud computing is astounding. It is estimated that the worldwide cloud computing market is $8 billion with the U.S. market accounting for approximately 40% of that: $3.2 billion.  According to Gartner’s 2011 predictions, number one on their list of Top Strategic Technologies is Cloud Computing. Gartner also predicts that the SaaS market will hit $14 billion in 2013.
  • 2. Cloud Computing Software Solutions VS Desktop Applications The most common reason why small businesses choose cloud computing solutions over desktop applications is this: It is less expensive because you pay a small monthly amount instead of a one-time fee as it works now with traditional desktop software. On a cash-flow basis, it is less costly because your cloud based apps are often slightly less costly than an annual purchase or upgrade for common programs.  However, you have to look closely at the pricing plans and details for each application.
  • 3. Cloud Computing Solutions are available all the time – no matter where you are. For some business users that operate virtual offices or operate remotely on different machines depending on location and they need the application to be accessible from a web browser. That is one of the biggest advantages of cloud computing– it is available wherever you have access to a computer and browser.
  • ...3 more annotations...
  • When most small business owners or new software companies talk about cloud computing, they usually mean an application that runs from the web and not directly from your not-connected-to-the-Internet desktop (software as a service or SaaS).
  • Cloud computing software solutions, for our purposes here, mean software that has a low monthly fee rather than a one-time capital expenditure. Just about any business function you can think of has a cloud based solution, from phone services to marketing to operations to finance.
  • You may already be relying on cloud computing without even realizing it. Think about your email provider: Are they offering some sort of anti-spam protection? Or what about your anti-virus program? Are they constantly updating and securing your desktop application? They are delivering service from the cloud, without on-premise hardware and software.  This is a great example of how SaaS has infiltrated our work and software installations without us thinking about it.
  • sandy ingram on 09 Dec 10
     
    "In this guide, we suggest 16 things you should consider before deciding whether cloud computing is a good match for your business. Read more about how small businesses use cloud computing."
sandy ingram

Innovations in software, engineering, pharmaceuticals and other fields are being stolen... - 0 views

www.whitehouse.gov/...homeland_security

homeland Obama cybersecurity

shared by sandy ingram on 20 Mar 09 - Cached
  • The first responsibility of any president is to protect the American people. President Barack Obama will provide the leadership and strategies to strengthen our security at home.
  • Barack Obama and Joe Biden's strategy for securing the homeland against 21st century threats is focused on preventing terrorist attacks on our homeland, preparing and planning for emergencies and investing in strong response and recovery capabilities. Obama and Biden will strengthen our homeland against all hazards
  • Protect Our Information Networks
  • ...9 more annotations...
  • Barack Obama and Joe Biden -- working with private industry, the research community and our citizens -- will lead an effort to build a trustworthy and accountable cyber infrastructure that is resilient, protects America's competitive advantage, and advances our national and homeland security.
  • Strengthen Federal Leadership on Cyber Security
  • ensure that the federal government works with states, localities, and the private sector as a true partner in prevention, mitigation, and response.
  • Work with the private sector to establish tough new standards for cyber security and physical resilience.
  • Work with industry to develop the systems necessary to protect our nation's trade secrets and our research and development
  • Mandate Standards for Securing Personal Data and Require Companies to Disclose Personal Information Data Breaches:
  • Prepare Effective Emergency Response Plans:
  • Working with State and Local Governments and the Private Sector:
  • Create a National Infrastructure Protection Plan:
  • sandy ingram on 20 Mar 09
     
    The first responsibility of any president is to protect the American people. President Barack Obama will provide the leadership and strategies to strengthen our security at home.
sandy ingram

Health care providers anticipate new audit program - 0 views

www.finance-commerce.com/...allenges-as-scrutiny-increases

Health Care Audit

shared by sandy ingram on 05 Jan 09 - Cached
  • New audit program
  • Another development affecting hospitals will be the nationwide implementation of the Medicare Recovery Audit Contractor (RAC) Audit program, Jesson noted. After testing the program in three states over the past three years, RAC auditors will begin auditing hospitals in Minnesota and other states for Medicare or Medicare fraud.
  • The federal government recently offered additional incentives to states that adopt laws that parallel the False Claims Act.
  • ...8 more annotations...
  • Data privacy is another hot-button issue for health care consumers, providers and regulators
  • a Minneapolis attorney, expects to see stepped up reinforcement of so-called “red flag rules” under the Health Insurance Portability and Accountability Act to prevent identity theft from health care providers and their patients.
  • health care organizations need to address three primary areas
  • making sure they have ID-theft prevention programs in place;
  • requirements relating to credit reports;
  • requirements related to the use of debit cards, credit cards and “smart” cards.
  • expects to see greater enforcement and “stiffening” of Medicare and Medicaid reimbursement:
  • As the current economic downturn continues, DeLoss also foresees another trend which should keep health law attorneys occupied in the coming year: more consolidation among medical practices.
  • sandy ingram on 05 Jan 09
     
    Another development affecting hospitals will be the nationwide implementation of the Medicare Recovery Audit Contractor (RAC) Audit program, Jesson noted. After testing the program in three states over the past three years, RAC auditors will begin auditing hospitals in Minnesota and other states for Medicare or Medicare fraud.
sandy ingram

Amended SB1386 - Health care data security breach explained - 0 views

www.scmagazineus.com/...120069

hipppa SB1386 health training breaches

shared by sandy ingram on 01 Nov 08 - Cached
  • Health care data security breaches in the U.S.
  • New laws and regulations regarding data security breaches and disclosure laws affect the way in which health care organizations do business
  • Notifications can be delayed if law enforcement determines it could hinder a criminal investigation
  • ...11 more annotations...
  • he disclosure shall be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, as provided in subdivision (c), or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
  • Any agency that maintains computerized data that includes personal information that the agency does not own shall notify the owner or licensee of the information of any breach of the security of the data immediately following discovery, if the personal information was, or is reasonably believed to have been, acquired by an unauthorized person.
  • They need to implement proper security measures, like encryption,” Booz says. In addition, the law will require a new level of investment in training for customer service, sales, and other externally facing operations.
  • Individuals affected by data breaches that meet the personal information definition and notification requirements must be notified by using one of three methods: written notice, electronic notice with customer's consent, or substitute notice
  • The purpose of this rule is to secure personally identifiable information (PII) as it travels through the healthcare system. Healthcare organizations, including providers, payers, and clearinghouses, must comply with the Privacy Rule.
  • The new law requires all state agencies and companies that conduct business in California to notify residents when a breach of their medical information occurs.
  • A new California law requiring that customers be notified of a breach involving their medical information is likely to influence legislation in other states.
  • Between 2000 and 2007, nearly half of all health care security incidents that occurred in the U.S. were associated with hospitals.
  • Between 2000 and 2007, 40 percent of publicly known security incidents at health care organizations are classified as data breaches
  • Although data breaches (hackers, malicious employees, social engineering, etc.) only constitute 40 percent of incidents, they account for 57 percent of all records compromised, nearly two and a half times the next closest category.
  • This again speaks to the need for strong policies and procedures. If organizations did not allow sensitive data to leave their facility without being encrypted (for electronic data) or disposed of properly (for physical data), it could eliminate nearly a quarter of the incidents they would face.
  • sandy ingram on 01 Nov 08
     
    Notifications can be delayed if law enforcement determines it could hinder a criminal investigation
  • sandy ingram on 01 Nov 08
     
    A new California law requiring that customers be notified of a breach involving their medical information is likely to influence legislation in other states.
sandy ingram

Information Security Clauses and Certifications - Part 1 : Info Law Group - 0 views

www.infolawgroup.com/...uses-and-certifications-part-1

Privacy Security Best Practice

shared by sandy ingram on 21 Jan 10 - Cached
  • What contractual information security provisions should you consider, as a customer or as a vendor or business partner, when the contract contemplates the exchange of protected information? What do security standards and audits entail for a vendor, and what do they offer for a customer?
  • With heightened liability and compliance risks associated with handling protected categories of data, it is becoming more common to see contractual requirements holding vendors accountable for information security or requiring them to conform to a specified information security standard
  • sandy ingram on 21 Jan 10
     
    Outsourcing business and IT functions often means outsourcing compliance and liability risks as well. When a service contract involves protected categories of personal information, both parties need to understand the security requirements and risks. The contract should allocate responsibilities to prevent and respond to security breaches. The contract may also set expectations more precisely by incorporating a written security policy or referring to a widely accepted information security standard, sometimes accompanied by a requirement for a third-party security audit or assessment
1 - 20 of 23 Next ›
Showing 20 items per page