WPPS C-Suite News

"At the request of several Members of Congress, the Federal Trade Commission is further delaying enforcement of the 'Red Flags' Rule through December 31, 2010, while Congress considers legislation that would affect the scope of entities covered by the Rule.  Today's announcement and the release of an Enforcement Policy Statement do not affect other federal agencies' enforcement of the original November 1, 2008 deadline for institutions subject to their oversight to be in compliance….

MOUNTAIN VIEW, Calif. - August 4, 2010 - Symantec Corp. (Nasdaq: SYMC) today released the findings of its 2010 Information Management Health Check Survey, which highlights that a majority of enterprises are not following their own advice when it comes to information management. Eighty-seven percent of respondents believe in the value of a formal information retention plan, but only 46 percent actually have one. Survey results also found that too many enterprises save information indefinitely instead of implementing policies that allow them to confidently delete unimportant data or records, and therefore suffer from rampant storage growth, unsustainable backup windows, increased litigation risk and expensive and inefficient discovery processes.

Existing cloud users are satisfied. Security is not considered to be an issue

The journey leading up to where we are today has been taking place for 15 years now, starting way back with Windows Live and Hotmail. Since then, the services and offerings served up online through cloud from Microsoft have continued and expanded. Today, there are a number of cloud based solutions available, enabling individuals and businesses around the world to do so much. Here's a look at some of these, with links to more information about each and trials of these for you:

What the government IT manager needs when getting ready to embark on their migration to the Cloud is a good template; one that defines a proven roadmap to follow.What Cloud Computing Summit attendees learned (and now you) is that help is on the way. Cloud and SOA expert Dave Linthicum has developed a step-by-step plan to help you scale the heights. He goes through them meticulously in his new book Cloud Computing and SOA Convergence In Your Enterprise: A Step-by-Step Guide. At the Summit, Linthicum outlined the plan. Afterwards he told 1105 Custom Media you can consider Cloud Computing the extension of SOA out to Cloud-delivered resources, such as storage-as-a-service, data-as-a-service, and platform-as-a-service.

"Didn't See That Coming? Why Many Employers are Vulnerable to Employee Fraud"

The House Cybersecurity Caucus has established a website.

Just a few weeks ago, Lincoln Medical and Mental Health Center learned a hard lesson. If you didn't see the news reports, the N.Y.-based healthcare provider notified over 130,000 individuals that their records -- including diagnostic information, Social Security numbers, dates of birth, and other information of use to identity thieves -- was potentially lost."

"The Need for Risk-Based FCPA Compliance Assessments How To Deal With Increasing FCPA Risks In a Time of Shrinking Budgets In a time of dwindling funds, growing risks, and increased government targeting of companies that cut compliance budgets, a proper anti-corruption assessment is a vital first step in creating a cost-effective compliance program When a warning comes straight from the mouth of the U.S. Government's lead prosecutor in a field directly affecting their bottom line, it is wise for businesses to pay heed. In an interview earlier this year with PBS's investigative journal, "Frontline," Mark Mendelsohn, the Deputy Chief of the U.S. Department of Justice's Fraud Section, which is charged with enforcing the Foreign Corrupt Practices Act ("FCPA"), offered advice to all American businesses dealing with the current global recession. "I think that companies need to be especially vigilant in this economic climate to not cut back [on FCPA compliance]," Mendelsohn said. "Our law enforcement efforts are not going to be scaled back, and so it would be, I think, a grave mistake for a company to take that path.""

As we previously mentioned, Connecticut Attorney General Richard Blumenthal filed the first HIPAA-related lawsuit. That lawsuit has now been settled, also a first. The settlement agreement [PDF] between the State of Connecticut and the defendants (Health Net) is the result of the loss of a computer disk drive that had unencrypted health information for 1.5 million health plans. Health Net, under the terms of the settlement, has agreed to pay $250,000 to the state of Connecticut, offer 2 years of credit monitoring to those affected, obtain identity theft insurance and reimburse those affected for security freezes. They will also be required to greatly improve their security measures.

"As the volume of electronically stored information (ESI) rises rapidly, improving the understanding among the C-suite, legal and IT functions is key to controlling costs and better managing e-discovery risks."

In today's economic climate, many organizations outsource parts of their business to take advantage of cost savings and solution-expertise. However, as vendor relationships increase, it becomes more difficult to manage them. The risks assumed by outsourcing can be significant without a vendor management program. According to the Ponemon Institute Study - 2009 Security Mega Trends, an average of 50.5% of organizations who outsourced sensitive and confidential data to third parties experienced a security incident or data breach as a result of outsourcing. In this 1-hour live webcast, Michael Rasmussen, President at Corporate Integrity, will share his insights on the importance of vendor management, as well as his recommendations of best practices for defining and executing an effective strategy. Chris Noell, EVP of Product management of TruArx, will then provide a brief overview of how GRC tools such as TruComply can automate key vendor management activities and enable these best practices. In this session, you will learn about: *The importance of vendor management and how it applies to your business *Best practices for defining and executing an effective vendor management strategy *How you can quickly and cost-effectively establish a mature vendor management program

One of the main reasons organizations are broken into today is because they are fixing the wrong vulnerabilities. If you fix the threats of three years ago, you will lose. APT allows organizations to focus on the real threats that exist today. While APT is important, we need to clear the smoke and hype, focusing on why it is important and what it means to you. Instead of just using it as a buzz word, if we understand the core components of APT, we can use it to improve our security. In APT, threat drives the risk calculation. Only by understanding the offensive threat will an organization be able to fix the appropriate vulnerabilities.  What is APT?

"We were told by a third-party vendor that all security measures were in place,"

The California Department of Public Health ("CDPH") recently announced its imposition of $675,000 in fines to six hospitals that had reported security breaches involving medical records (since January 1, 2009, the CDPH has issued fines totaling $1.1 million). The story has been extensively reported on in the media . You can listen to the CDPH's press conference here. The total number of records exposed was only 244, for an average fine of around $2,766 per record. To put that in perspective, if a California hospital suffered a breach involving 100,000 medical records, using the average stated here, their potential fines could be $276 million (assuming no cap for fines and penalties -- the relevant laws do have a cap of $250,000 per incident).

only 26 percent. This means another 74 percent of employees at those companies did something bad and didn't get fired.

The handling of data breach incidents has become a way of life for healthcare providers and with other HIPAA covered entities. With the passage of the HITECH Act last year, there are now substantial penalties that can be levied, up to $1.5 million. This fact, combined with a requirement to notify the Department of Health and Human Services as well as the media for data breach incidents that affect over 500 individuals has, for the first time, resulted in public records being kept for such incidents. If you oversee privacy, compliance, or IT for a hospital system, a group practice, a health insurance company, other covered entities, or even one of their business associates, the HITECH Act and its privacy and data breach provisions require your close attention. While many people know that HITECH generally creates requirements for data breach notification, there are at least four things you may not know about HITECH that you really should: The requirement for a mandatory incident-specific risk assessment for every incident The fact that HITECH notification provisions do not pre-empt state notification laws Encryption of data does not necessarily alleviate the risk of data breach If your business associate exposes your protected health information (PHI), you are responsible

Global risk managers are challenged by new boardroom demands of insurer security, balance sheet transparency, and heightened accountability.

How do you find the right cloud provider? There's not a consistent checklist either small or large companies can go through to make the selection