WPPS C-Suite News

Banks and financial firms are placing more emphasis on internal threats to cut the flow of data leakage as a result of employee mistakes or workers disgruntled with layoffs and downsizing during the economic crisis, according to a recent survey.

CERT'S PODCASTS: SECURITY FOR BUSINESS LEADERS: SHOW NOTES Tackling Tough Challenges: Insights from CERT's Director Rich Pethia Key Message: Rich Pethia reflects on CERT's 20-year history and discusses how he is positioning the program to tackle future IT and security challenges. Executive Summary CERT's vision is a securely connected world. CERT's mission is to enable informed trust and confidence in the use of information technology. To achieve this vision and mission, CERT has broadened its perspective to include the full system/software engineering and operations life cycle and is reaching out to thought leaders in the global IT and security community. In this podcast, Rich Pethia, director of the CERT Program at Carnegie Mellon University's Software Engineering Institute, discusses the past, current, and future state of Internet security and CERT's role in tackling future challenges as CERT celebrates its 20th anniversary. PART 1: LOOKING BACK, LOOKING FORWARD: THE GOOD, THE BAD, AND THE UGLY CERT's Vantage Point CERT's vision is a securely connected world, supported by CERT's mission of enabling informed trust and confidence in the use of information technology. As the director of CERT, Pethia has unique access to government, commercial, and industry leaders. The Good News Internet use continues to grow, not just in size (number of people, volume of traffic) but also in utility, for example: * the increasing amount of real government and business operations * the introduction of new applications * the growing use of new mobile appliances User awareness of the need to address security is increasing along with increasing attention from service providers (firewalls, virus protection, anti-spyware, data backup). Developers are paying more attention to building security into their products. Vendors have more mature processes for providing cost-effective, timely updates for software vulnerabilities. Users are more willing

"This is one of the most significant threats companies face,"

People to Google: Doug Leland, Microsoft John Brennan, the President's top adviser for counterterrorism and homeland security. Kevin Rowney, Symantec, founder of the firm's Data Loss Prevention Unit

the Ponemon Institute, a Tucson, Ariz., based independent research company, found that companies spent roughly $202 per consumer record compromised. The same study put the total cost of a breach in 2007 at $6.3 million, and roughly $4.7 million in 2006.

notifying employees of clear rules on what is acceptable and what is not, balancing the need to monitor with the employees' reasonable expectations of privacy and weighing the overall benefits of allowing personal usage against the risks of doing so, are all issues with which managers will be familiar.

For employers, the temptation to utilise sites such as Facebook and MySpace may also lead them into trouble. Some employers view the scanning of such sites for information on prospective employees as legitimate; others view it as distasteful and intrusive (the equivalent of rummaging through a candidate's personal items). Whatever the view, employers adopting this approach would do well to heed the warning of the TUC's guidance on online social networking. This guidance reminds employers that only a minority of potential staff will have a public profile on a social network, so using information from this source can give either an unfair advantage or disadvantage to certain candidates, as well as leaving the employer open to the accusation of discrimination.

Employers have had to grapple with the issues raised by employee use of the Internet for some years and the rise of online social networking presents another challenge. There is no obvious conclusion here; employers will have to do what they consider to be correct in the light of their business concerns, their employee relations and their business culture. The dilemma posed by the heightened risks surrounding online social networking, whether to trust or restrict employees, does not lead to one "right" answer, but there is certainly a "wrong" answer. Given the ever-growing popularity of such sites and the potential consequences for employers of employee misuse, simply ignoring the issue can only lead to problems for the unwary employer.

The Federal Trade Commission, in conjunction with two international organizations, will host a two-day international conference: "Securing Personal Data in the Global Economy." The conference addresses how companies can manage personal data-security issues in a global information environment where data can be stored and accessed from multiple jurisdictions.

The economic downturn will hit the Internet economy hard in 2009, according to the latest available OECD estimates. The IT Outlook 2008 says that the IT industry is likely to have grown by 4% at most in 2008 compared to the previous year. But with the outlook for the global economy worsening and business and consumer confidence plumetting, growth will remain flat or decline in 2009.

Another development affecting hospitals will be the nationwide implementation of the Medicare Recovery Audit Contractor (RAC) Audit program, Jesson noted. After testing the program in three states over the past three years, RAC auditors will begin auditing hospitals in Minnesota and other states for Medicare or Medicare fraud.

New laws to crack down on Facebook identity fraud

survey also said that cybersecurity issues need to be seen as an enterprise risk management problem rather than an IT issue.

"If staff suddenly leave a hedge fund, investors should pay attention."

Volatile markets may tempt hedge-fund fraud

Societies and economies are rapidly changing; and the power of "us" has become far more important than the power of "you"

"Our opportunity is to build a globally connected human network capable of working collectively to address the significant social, economic, and political issues of our time. As leaders, it is our responsibility to lead by collaborative example,"

"...it is the platform of networked based colllaboration tools, created on the public Internet but increasingly being adopted in the workplace, which will set apart the successful businesses of the first two decades of the 21st century."

Group hopes to shape nation's privacy policy