Skip to main content

Home/ WPPS C-Suite News/ Group items tagged c-level

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
sandy ingram

Three Things That Every CEO Should Know About Cyber Security Spending - The Firewall - ... - 0 views

blogs.forbes.com/...-about-cyber-security-spending

cybersecurity Best Practice c-level

shared by sandy ingram on 15 Nov 10 - No Cached
  • ONE: If your enterprise isn’t in energy, defense, or finance, it’s not a high priority target so don’t spend money like it is.
  • TWO: If you do lead a company in one of those 3 sectors, there’s nothing on the market today that will stop an adversary from stealing your most valuable data. The best that you can hope for is to raise the cost to an adversary to mount a successful attack against you, which means he’ll target a less well-protected company instead. This is known as the You-Don’t-Have-To-Outrun-The-Bear School of Security.
  • THREE: Your IT department’s job is not to protect you. It’s to protect the enterprise’s network. That makes you and your C-level colleagues the “10 ring” of the target.
  • ...2 more annotations...
  • Most C-level executives are inundated with far more material then they could ever read, so this post will be short and to the point. If you’re a CEO, CIO, or other C-level executive, here are three things that you need to know to avoid over-spending on cyber security:
  • I’m giving a free webinar at 10am (Pacific time) this morning for UBS and their clients on the evolving state of cyber warfare in general and risks to C-level executives in particular. In addition to surveying the threats, I’ll offer some advice on how executives can defend themselves. Here’s the information you’ll need to join the call: Participant Toll-free: 800-768-5109 Toll: 212-231-2909 Code: 21488152
  • sandy ingram on 15 Nov 10
     
    "Most C-level executives are inundated with far more material then they could ever read, so this post will be short and to the point. If you're a CEO, CIO, or other C-level executive, here are three things that you need to know to avoid over-spending on cyber security:"
sandy ingram

CEOs underestimate security risks, survey finds - 0 views

www.computerworld.com/...te_security_risks_survey_finds

Best Practice privacy security CEO Ponemon suvey

shared by sandy ingram on 18 Jul 09 - No Cached
  • Computerworld - Compared to other key corporate executives, CEOs appear to underestimate the IT security risks faced by their own organizations, according to a survey of C-level executives released today by the Ponemon Institute.
  • of 213 CEOs, CIOs, COOs and other senior executives reveals what appears to be a perception gap between CEOs and other senior managers concerning information security issues.
  • 48% of CEOs surveyed said they believe hackers rarely try to access corporate data
  • ...5 more annotations...
  • On the other hand, some 53% of other C-level executives believe that their company's data is under attack on a daily or even hourly basis.
  • The survey also found that the top executives were less aware of specific security incidents at their companies than other C-level executives and are more confident that data breaches can be easily avoided.
  • CEOs and other top managers differed in their opinion of who is responsible for protecting corporate data.
  • While eight out of 10 respondents said they believe there is one person responsible for data protection in their organization, there was a sharp difference of opinion on just who that person was.
  • More than half of the CEOs said that CIOs are responsible for protecting data at their companies; only 24% of other senior managers felt the same way
  • sandy ingram on 18 Jul 09
     
    Computerworld - Compared to other key corporate executives, CEOs appear to underestimate the IT security risks faced by their own organizations, according to a survey of C-level executives released today by the Ponemon Institute.
sandy ingram

Study Finds Companies Struggle to Measure Effectiveness of the Compliance Function - 0 views

www.pwc.com/...PwC-Compliance-Week.jhtml

Privacy security compliance survey

shared by sandy ingram on 24 May 11 - No Cached
  • Senior compliance officers at more than 100 leading U.S. companies responded to 28 questions in four key areas critical for the compliance function: leadership, reporting relationships and structure; compliance function scope, focus and risk; metrics to gauge program effectiveness; and budget, staffing and resources. A major finding of the study: One of the biggest obstacles facing Chief Compliance Officers (CCOs) is measuring the effectiveness of their compliance functions - almost 40 percent of the companies surveyed said they make no attempt to measure the effectiveness of their compliance program.
  • “An effective compliance program is the cornerstone of cooperation credit allowed under the U.S. Sentencing Guidelines and stakeholders are demanding much higher transparency in how compliance risk is effectively managed,” said Miles Everson, PwC principal and global and U.S. risk and compliance leader.
  • “Without a clear measure of the compliance department’s effectiveness, much else is in jeopardy. Lacking this,
  • ...8 more annotations...
  • how does the board know that compliance risks are effectively addressed?  Let alone that the compliance function itself is effective? 
  • According to the study, a critical element to the compliance department’s success is the perceived stature of the CCO and his or her influence among other top leadership.
  • “It’s essential that the compliance function have visibility and direct access both to senior executives in the organization and to the board or one of its committees,” added Everson. “This access helps keep risk and compliance issues on the company’s agenda and lets key ethics and compliance issues surface in a timely fashion.”
  • The State of Compliance survey also provided another interesting glimpse into corporate compliance when it asked about reporting structures. Regulators have long preferred that a company’s top compliance officer report directly to the board, and just last year the U.S. Sentencing Guidelines were revised to state more clearly that CCOs should not be, nor report to, the general counsel.
  • PwC and Compliance Week also found that, over the next 18 months, CCOs anticipate significant challenges when it comes to risk - and that when issues arise, they expect the consequences to be severe.
  • When asked about several high-level categories of risk, such as compliance risk, security risk, reputational risk and others, 48 percent believed the likelihood of a compliance failure was high or very high. 
  • What's more, 65 percent of respondents felt the impact of a compliance risk event, should it occur, would be high or very high. 
  • Effective compliance programs need input and guidance from many different voices in the company (IT, internal audit, finance, security). It is in the company’s benefit for the compliance department to borrow resources from those teams to achieve its goals, rather than build its own expertise in each department.
  • sandy ingram on 24 May 11
     
    "The results of The State of Compliance: 2011, an inaugural study conducted by PwC US and Compliance Week, will be released today at the Compliance Week 2011 6th Annual Conference for corporate financial, legal, risk, audit and compliance officers in Washington, D.C. The report - the first of its kind - identifies a wide range of compliance issues confronting organizations today and will stay current as new companies participate, accurately reflecting the changing compliance landscape."
sandy ingram

Amended SB1386 - Health care data security breach explained - 0 views

www.scmagazineus.com/...120069

hipppa SB1386 health training breaches

shared by sandy ingram on 01 Nov 08 - Cached
  • Health care data security breaches in the U.S.
  • New laws and regulations regarding data security breaches and disclosure laws affect the way in which health care organizations do business
  • Notifications can be delayed if law enforcement determines it could hinder a criminal investigation
  • ...11 more annotations...
  • he disclosure shall be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, as provided in subdivision (c), or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
  • Any agency that maintains computerized data that includes personal information that the agency does not own shall notify the owner or licensee of the information of any breach of the security of the data immediately following discovery, if the personal information was, or is reasonably believed to have been, acquired by an unauthorized person.
  • They need to implement proper security measures, like encryption,” Booz says. In addition, the law will require a new level of investment in training for customer service, sales, and other externally facing operations.
  • Individuals affected by data breaches that meet the personal information definition and notification requirements must be notified by using one of three methods: written notice, electronic notice with customer's consent, or substitute notice
  • A new California law requiring that customers be notified of a breach involving their medical information is likely to influence legislation in other states.
  • The new law requires all state agencies and companies that conduct business in California to notify residents when a breach of their medical information occurs.
  • The purpose of this rule is to secure personally identifiable information (PII) as it travels through the healthcare system. Healthcare organizations, including providers, payers, and clearinghouses, must comply with the Privacy Rule.
  • Between 2000 and 2007, nearly half of all health care security incidents that occurred in the U.S. were associated with hospitals.
  • Between 2000 and 2007, 40 percent of publicly known security incidents at health care organizations are classified as data breaches
  • Although data breaches (hackers, malicious employees, social engineering, etc.) only constitute 40 percent of incidents, they account for 57 percent of all records compromised, nearly two and a half times the next closest category.
  • This again speaks to the need for strong policies and procedures. If organizations did not allow sensitive data to leave their facility without being encrypted (for electronic data) or disposed of properly (for physical data), it could eliminate nearly a quarter of the incidents they would face.
  • sandy ingram on 01 Nov 08
     
    Notifications can be delayed if law enforcement determines it could hinder a criminal investigation
  • sandy ingram on 01 Nov 08
     
    A new California law requiring that customers be notified of a breach involving their medical information is likely to influence legislation in other states.
1 - 4 of 4
Showing 20 items per page