The Anatomy of Data Risk Management

As we posted yesterday, Saturday, January 28, is Data Privacy Day. Keeping with that theme, we think it’s important to focus on data risk management. Brian McGinley, senior vice president of data risk management at Identity Theft 911 offers this well-written piece on the timely topic.

Think of data as a living organism.

Just like a human body, data has various components and life support systems that must be maintained to ensure the whole thrives and survives. You can think of a data risk specialist as a doctor trying to keep the organism healthy through its various life stages.

Data, our hypothetical patient, (you’re welcome Star Trek fans) needs a safe and healthy environment, a supportive lifestyle and good hygiene. Just as a doctor has to consider external threats (“do you smoke?”) so does the data risk manager.

Let’s look at what this all means, and how this philosophy can be applied to your business’s policies and practices.

Data, our hypothetical patient, has three basic forms: paper, electronic and human memory. A good data risk management plan must consider all three.

Controlling paper and electronic data is what we think of most when considering data security. This is your standard (or what should be standard) security policy, access control procedures, system audits, and the like. It’s where security planning meets IT.

Human memory is a little more elusive. Education, security training and a reward-demotion plan can help control human errors, as can confidentiality agreements, and project-specific security contracts. These are the tools of teachers and lawyers. Generally speaking, there are four key rules to protecting data in all its forms:

  1. Be stingy with sensitive data, internally and externally;
  2. Provide access to data on a need-to-know basis;
  3. Provide access only to that specific data, rather than entire data sets;
  4. Be deliberate in how data is handled, used and shared.

Data has a life cycle. If your data doesn’t, it should. Whether it’s government secrets or an online shopper’s credit card number, data is received or created within your company’s computer systems. It is used, maintained and stored. It is archived or destroyed. That data, in all cases, has three basic states: in action, in motion or at rest. Take the credit card number example: that information can be used, the card charged, or moved to another computer system, or archived. Use, motion, rest.

There are four fundamental rules regarding the life cycle of data:

  1. If the organization doesn’t need it, don’t collect it.
  2. If data must be collected, collect only what is needed.
  3. If data is needed, control it and encrypt it.
  4. When data is no longer needed, get rid of it – SECURELY.

Now that we know what data looks like (paper, electronic, mnemonic) and how it lives (in action, in motion, at rest) we should consider those external threats, namely data breaches. A data breach is an incident (or series thereof) in which sensitive, protected or confidential information has potentially been viewed, stolen or used with unauthorized access. This can be a hacker attack, an internal company mistake that results in exposed information or, in some cases, corporate or government espionage. A data breach can be anything that jeopardizes data.

These threats range from simple user negligence and operating or systemic issues all the way to highly complex criminal attacks launched against your organization. As anyone who follows the tech news knows, sensitive consumer and business information has become a criminal commodity.

With this hostile environment in mind, it is imperative for the business to plan and prepare not only for the protection of its information, but also for the response and recovery of its data and business in the event of a data breach. For a data manager or security professional to fail to issue such a warning would be akin to that doctor not asking about smoking.

At the end of the day, data as an organism is more than an extended metaphor. It’s a means to look at your company’s data products in an abstract way and understand how they operate. This, in turn, will allow you to develop the proper health plan. Just like with our health, there is no single wonder pill. But there are data doctors out there who can analyze your business’s risk posture and recommend ways to get it in shape.

 

Protecting Your Business from Cybercrime

Saturday, January 28, is Data Privacy Day, a day designed to promote awareness about privacy and education about best privacy practices. With that in mind, we decided to devote today’s and tomorrow’s posts to data privacy and how companies can achieve more secure, robust methods of dealing with the ever-present risk of cyber crime and data theft. Today’s post is by Tim Francis, business insurance management and professional liability and cyber insurance lead for Travelers.

IT departments play a pivotal role in identifying and mitigating exposures to cyber threats. However, there are risks that exist outside the company network. Businesses may be overlooking other points of vulnerability where a hacker can potentially attack, including but not limited to company cell phones, smart phones, tablets, laptops and other mobile devices. Every type of technology brings the potential for a cyber crime. Even if every employee is securing their personal and work technologies constantly, information can be compromised.

Institutions that understand the commitment necessary to create a robust anti-fraud program have a plan in place that involves numerous security options. This includes proper breach response planning, establishing information, and insurance protection. Corporate risk managers can be a valuable asset to their companies by becoming part of the planning process. They can also activate their professional networks and refer their companies to other advisers for additional guidance including lawyers, crisis communications specialists and other professionals.

Corporate risk managers should also advise their companies on the importance of employee engagement as part of a cyber risk management plan. When employees understand the potential impact on the company (possibly including their job security) they are likely to be more willing to take the necessary precautions to protect company information by following established protocols for information security. Employees should understand the costs associated with addressing a breach including having to install credit monitoring for hacking victims, liability expenses and potentially losing business and even deterring new business opportunities from prospective clients who get wind of security failures. Getting full buy-in and participation for mitigating cyber risk from the top down in an organization can make a significant impact on reducing cyber exposures.

Operating without a cyber risk management plan could have a crippling effect on a company’s reputation. The way in which companies respond to cyber threats can be scrutinized by clients, stakeholders and the public, especially because victims are often directly impacted by slow response. For example, if a company does not respond quickly, victims of the crime may miss opportunities to cancel credit cards and alert their banks about suspicious activity. The window for fraudulent activity can be prolonged by companies that are unprepared to deal with a cyber breach. With a strategy in place for responding to a cyber event, businesses can execute against their plan and focus on getting back to business as usual.

As cyber attacks dominate headlines, companies must make efforts to properly secure both their technology and networks. Recent media reports have identified major companies, organizations and governmental entities across the U.S. as unfortunate examples of what can happen when a business is unprepared for a cyber crisis. Corporate risk managers can help their companies to adapt their risk management strategies and practices so that their employees and their customers remain ahead of emerging cyber risks.

Cloud Computing: Convenience Versus Confidence

Cloud computing has become a convenient and cost-efficient way for companies to store data while using remote, shared servers located in the “cloud.” But what is cheap and easy isn’t always safe.

Take Amazon.com, for example. The company branched out into the cloud computing business five years ago and has since offered computing resources to thousands of businesses — most of them small with a low likelihood of having data backup and recovery services (bad risk management!).

Last week, that lapse in risk management was felt after Amazon.com’s cloud services crashed, disrupting web services for companies as large as Pfizer and as small as FourSquare.

The Amazon interruption, said Lew Moorman, chief strategy officer of Rackspace, a specialist in data center services, was the computing equivalent of an airplane crash.

It is a major episode with widespread damage. But airline travel, he noted, is still safer than traveling in a car — analogous to cloud computing being safer than data centers run by individual companies.

As of this morning, many of the affected sites are back online, though “some historical data might be missing,” according to Chartbeat, a company that monitors the online presence of websites.

The risks of cloud computing are not a new topic among business owners, CIOs and risk managers — far from it. For years, talk has circled regarding privacy, compliance and legal issues. One recent article in PC World examines the risks of cloud computing. It covers topics such as who accesses your data, regulatory compliance and (probably most importantly) data loss and recovery.

Corporate cloud computing is expected to grow rapidly, by more than 25% a year, to $55.5 billion by 2014, according to International Data Corporation estimates. And as the popularity of cloud computing grows, so will the potential risks. With that in mind, companies are wise to evaluate such perils and plan for what could go wrong with such a modern technology marvel.

The Cost of a Data Breach

Six years ago, The Ponemon Institute conducted its first “Cost of a Data Breach” study in the United States. Since then, the independent research firm has expanded into the United Kingdom, Germany, France and Australia. This most recent study focuses on actual data breach experiences of 51 U.S. companies from 15 different industry sectors.

The results of Ponemon’s 2010 study, which were released this month, find that:

  • For the first time, malicious or criminal attacks are the most expensive cause of data breaches and not the least common one
  • Organizations are more proactively protecting themselves from malicious attacks
  • Companies’ investments in finding and remediating data breaches may be paying off
  • For the third straight year, direct costs accounted for a larger proportion of overall data breach costs

Other important findings include: more organizations favor rapid response to data breaches, and that is costing them greatly; for the fifth year in a row, data breach costs have continued to rise (the average cost of a data breach in 2010 increased to $7.2 million, up 7% from $6.8 million in 2009); breaches by third-party outsourcers are becoming slightly less common but much more expensive; more companies had better-than-average security postures, and those organizations enjoyed much lower data breach costs.

The report points to popular and effective technologies that are currently available to secure data both within an organization and among business partners.

They include:

  • Encryption (including whole disk encryption and for mobile devices/smartphones)
  • Data loss prevention (DLP) solutions
  • Identity and access management solutions
  • Endpoint security solutions and other anti-malware tools