WPPS C-Suite News: Group items tagged privacy

sandy ingram

Bill Gives DHS Lead on Fed IT Security Policy

  • The thinking behind shifting responsibility to DHS from OMB is that Homeland Security has the cybersecurity expertise whereas OMB's proficiency is budgeting. "Already, the Department of Homeland Security is the coordinating agency on cybersecurity," the staffer said. "Now, what you're doing is drastically strengthening the role of DHS by putting it into law and then also giving them the ability to say, with FISMA, approve or not approve agencies' plans, controls, frameworks, the way they secure their systems."
  • The bill also continues the role of the National Institute of Standards and Technology as the key government agency to develop IT security guidance, but leaves to DHS the decision of which guidance has priority.
  • The responsibility to oversee information security among federal agencies would shift to DHS from the White House Office of Management and Budget under revisions of the measure, nicknamed U.S. ICE, that updates IT security guidance detailed in the seven-year-old Federal Information Security Management Act (FISMA), according to a senior cybersecurity staff member on the Senate Committee on Homeland Security and Governmental Affairs.
sandy ingram

FTC Announces Expanded Business Education Campaign on 'Red Flags' Rule

  • The Red Flags Rule is an anti-fraud regulation, requiring “creditors” and “financial institutions” with covered accounts to implement programs to identify, detect, and respond to the warning signs, or “red flags,” that could indicate identity theft. The financial regulatory agencies, including the FTC, developed the Rule, which was mandated by the Fair and Accurate Credit Transactions Act of 2003 (FACTA).
  • The FTC’s Red Flags Web site, www.ftc.gov/redflagsrule, offers resources to help entities determine if they are covered and, if they are, how to comply with the Rule. It includes an online compliance template that enables companies to design their own Identity Theft Prevention Program through an easy-to-do form, as well as articles directed to specific businesses and industries, guidance manuals, and Frequently Asked Questions to help companies navigate the Rule.
  • The three-month extension, coupled with this new guidance, should enable businesses to gain a better understanding of the Rule and any obligations that they may have under it. These steps are consistent with the House Appropriations Committee's recent request that the Commission defer enforcement in conjunction with additional efforts to minimize the burdens of the Rule on health care providers and small businesses with a low risk of identity theft problems. Today's announcement that the Commission will delay enforcement of the Rule until November 1, 2009, does not affect other federal agencies' enforcement of the original November 1, 2008, compliance deadline for institutions subject to their oversight.
sandy ingram

Few businesses are likely to be insured against the result of cyber attacks - Security ...

  • Businesses are advised to thoroughly review risk management procedures and insurance programmes to ensure they have adequate and relevant cover in place: “The responsibility to get the house in order should lie with an organisation’s Managing Director or Finance Director, and not the IT department alone,” says Simon. “IT defences, whilst vital, only react to known problems and are not guaranteed to be 100 percent secure. Protection for the whole business and its sustainability is without doubt the safest option.”
  • “The economic downturn has resulted in people of all levels and responsibilities losing their jobs, and those with a detailed knowledge of their former employers’ IT and operating systems may well present a real potential threat, and turn to extortion as a way of taking revenge on their former employer, and of making some money at the same time.”
  • According to The Wilson Organisation, insurers and underwriters are predicting a rise in white collar extortion as the recession continues to bite and unemployment figures increase. Worryingly, many businesses do not have insurance cover for data or business loss. "According to a DTI Information Security Breaches Survey, a third of UK businesses think general business insurance provides full cover for damage to the business arising from data loss," comments Wilsons' Simon Hoare, "but the reality is quite different, with very few businesses likely to be insured against the result of cyber attacks on its most crucial management and business tool - corporate and customer information, most of which is today held on corporate IT systems. For public company directors, this is in fact in breach of their duties under the Turnbull Report, which requires them to identify, manage and take an informed opinion on the transfer of risks for the business."
sandy ingram

CEOs underestimate security risks, survey finds

  • Computerworld - Compared to other key corporate executives, CEOs appear to underestimate the IT security risks faced by their own organizations, according to a survey of C-level executives released today by the Ponemon Institute.
  • The survey of 213 CEOs, CIOs, COOs and other senior executives reveals what appears to be a perception gap between CEOs and other senior managers concerning information security issues.
  • 48% of CEOs surveyed said they believe hackers rarely try to access corporate data.
  • On the other hand, some 53% of other C-level executives believe that their company's data is under attack on a daily or even hourly basis.
  • The survey also found that the top executives were less aware of specific security incidents at their companies than other C-level executives and are more confident that data breaches can be easily avoided.
  • CEOs and other top managers differed in their opinion of who is responsible for protecting corporate data.
  • While eight out of 10 respondents said they believe there is one person responsible for data protection in their organization, there was a sharp difference of opinion on just who that person was.
  • More than half of the CEOs said that CIOs are responsible for protecting data at their companies; only 24% of other senior managers felt the same way.
sandy ingram

SANS Institute - Special Webcast: Cyber Terrorism: Fact or Fiction

  • The topic of Cyber Terrorism has been a subject of many debates as to the reality of a significant event taking place at the click of a button. In recent media coverage we've seen the London & Spain train bombings being triggered remotely using one of the world's most adopted technologies, a cell phone. Who would ever think that someone would use a cell phone as a trigger point for detonating a bomb? Additionally, who would ever think that a terrorist organization would realize that all cell phones on the same cellular network receive their time/date from the same network timeserver so everyone has the correct time? This has allowed them to conduct simultaneous attacks via SMS or speed dial on their phone.
sandy ingram

Healthcare Stimulus to Drive Compliance

  • The requirements that the American Recovery and Reinvestment Act (ARRA) will impose on healthcare organizations, specifically how they are required to prove audit compliance with respect to their use of electronic protected health information.
sandy ingram

Security Fix - Malicious Attacks Most Blamed in '09 Data Breaches

  • The ITRC found only a single breach in the first half of 2009 in which the victim reported that the lost or stolen data was protected by encryption technology.
  • The ID Theft Center found that of the roughly 250 data breaches publicly reported in the United States between Jan. 1 and Jun. 12, victims blamed the largest share of incidents on theft by employees (18.4 percent) and hacking (18 percent). Taken together, breaches attributed to these two types of malicious attacks have increased about 10 percent over the same period in 2008.
sandy ingram

Five Steps to HITECH Preparedness - CIO.com

  • In 2008, 44% of breach incidents were due to third-party handling of data. With HITECH, organizations will now be held responsible for a third party's handling of your data.
sandy ingram

Sunbelt Blog: No anti-virus software or procedures = compliance i$$ue

  • "Commonwealth Equity Services LLP of Waltham, Mass., agreed to pay the penalty for failing to have anti-malware software on its reps' computers or written security policies to deal with security breaches. Securities brokers and registered investment advisors are required by SEC regulations to have written procedures to protect customer information."
sandy ingram

Study Finds U.S. Small Businesses Lack Cybersecurity Awareness and Policies | Reuters

  • Small business owners' cybersecurity policies and actions are not adequate enough to ensure the safety of their employees, intellectual property and customer data, according to the 2009 National Small Business Cybersecurity Study. The study, co-sponsored by the National Cyber Security Alliance (NCSA) and Symantec [Nasdaq: SYMC], as part of this year's National Cyber Security Awareness Month, surveyed nearly 1,500 small business owners across the United States about their cybersecurity awareness policies and practices.
  • The survey shows discrepancies between needs and actions regarding security policies and employee education on security best practices.
  • The study found that while more than 9 in 10 small businesses said they believe they are safe from malware and viruses based on the security practices they have in place, only 53 percent of firms check their computers on a weekly basis to ensure that anti-virus, anti-spyware, firewalls and operating systems are up-to-date, and 11 percent never check them.
  • "The 20 million small businesses in the U.S. are a critical part of the nation's economy. While small business owners may understandably be focused on growing their business and the bottom line, it is imperative to understand that a cybersecurity incident can be disruptive and expensive."
  • Small businesses seem out of sync with some Internet security risks. 75 percent of small businesses said that they use the Internet to communicate with customers, yet only 6 percent fear the loss of customer data and only 42 percent believe that their customers are concerned about the IT security of their business.
  • Laptops, PDAs and wireless networks are great conveniences to businesses, yet they carry with them an added responsibility to ensure the data is secure. Today, more than 66 percent of employees take computers or PDAs containing sensitive information off-site.
  • Wireless networks are gateways for hackers and cyber criminals and must be secured by complex passwords.
  • "Security threats are becoming more complex and employees of small businesses are increasingly the target of attacks that expose their organizations to data loss."
  • "Security awareness and education, combined with a comprehensive security solution, can empower small businesses and their employees to protect themselves and their information."
  • The demographic makeup of the small businesses polled
sandy ingram

Symantec Finds Clouds are Rolling in for Healthcare | Symantec Connect

  • Best practices are being swept under the rug. Only 31 percent of respondents archived according to HIPAA recommendations.
  • Another third stored archives in a single data center and only slightly more (36 percent) stored archives in datacenters located less than 100 miles apart.
  • Hosted solutions offer an attractive alternative to the healthcare industry. Such solutions ease the burden on in-house IT, which is typically characterized by few people, limited dollars and huge workloads.
  • These problems are becoming more of an issue, too, as the amount of data stored by providers is rapidly and unceasingly increasing.
  • Still, a few providers aren’t quite sold. The survey showed there are three main concerns from those not considering hosted solutions. First, they aren’t sold on hosted solutions’ security. Forty-three percent of respondents shared this concern, which is a common concern with the cloud. Second, 32 percent of respondents said they aren’t sure about the performance. Providers can’t afford down time, and this is a new solution with which they don’t have experience. The third concern, shared by 31 percent, is that the cloud is too costly.
  • At HIMSS' annual conference this year, Symantec sponsored a survey to find out what the forecast is like for the healthcare IT industry. The consensus: cloudy. In general, the survey showed healthcare providers are beginning to see some of the needs and problems with their current situations. Of the 568 healthcare professionals who responded to the survey, 55 percent said disaster recovery keeps them up at night. This is understandable since a healthcare system is subject to HIPAA and other legal and regulatory requirements as well as having to support complex infrastructures. What makes the situation worse is that many providers don't have a solid plan. Of the systems most likely to have foolproof disaster recovery plans, only 31 percent do.
sandy ingram

Databreach Calculator : Estimate Your Risk Exposure

  • Since 2005, The Ponemon Institute has examined the cost incurred by organizations, across industry sectors, after experiencing a data breach. The results were not hypothetical responses. They represent cost estimates for activities resulting from actual data loss incidents. Based on five years of trend data, we have created a calculator that will estimate how much a data breach could cost your organization. We can calculate: the likelihood that your company will experience a data breach in the next 12 months; the cost per record in the event of a data breach at your company; and the cost of a data breach at your company. Answer a few short questions to find out how a data breach could impact your company as well as to see how you compare with other companies.
sandy ingram

Cracking Down on ID Theft: A Case for Cloud Computing

  • The PCI Security Standards Council created the criteria, but the five leading credit card companies each maintain their own compliance and enforcement programs, and each has its own way to validate compliance.
  • "If an organization can meet all of the requirements of PCI, it's going to be in great shape when it comes to HIPAA security compliance."
  • The PCI standard applies only to those systems and applications used for storage, processing or transmission of cardholder data.
  • Any organization that accepts credit and/or debit cards must comply with the Payment Card Industry Data Security Standard, but many hospitals and clinics have overlooked this obligation, says security expert Tom Walsh.
  • Red Flags Compliance
  • In many cases, banks or merchant service providers are now sending letters to organizations that have smaller payment card transaction levels and asking them to prove they are compliant by completing a self-assessment questionnaire, he explains.
sandy ingram

Information governance policy issue: Who owns a governance program?

  • "In risk-averse or highly litigious companies, the legal department should own the information governance program, but they should hire an information management person at a high level."
sandy ingram

Managing Cloud Risks - Forbes

  • SLAs and the “Right to Audit” Clause: When you move your data to the cloud, you must consider the risk to your brand should a breach occur. You need to ensure that any Service Level Agreements (SLAs) you have in place protect it. SLAs should address any and all risks to your data while it lives in the cloud.
  • Vendor Risk Management and Cloud Security Standards: Another important consideration when mapping out your cloud GRC strategy is to ensure your vendor risk management program accounts for the new risks that come with moving to the cloud.