www.heavensgatel2.fora.pl
Heavens Gate Lineage 2

The leaky corporation to disclose confidential com

 
guesekibwh






Posted: Wed 5:54, 15 Dec 2010    Post subject: The leaky corporation to disclose confidential com

Information security
information security
The leaky corporation
disclosure of confidential company
Jun 23rd 2005
From The Economist print edition
Firms are not protecting the data they hold. Their complacency may cost them dear
companies do not protect their own data. The effect they may pay for their complacency high price
IT NEVER rains but it pours. Just as bosses and boards had finally sorted out their worst accounting and compliance troubles, and beefed up their feeble corporate governance, a new problem threatens to earn them - especially in America - the sort of nasty headlines that inevitably lead to heads rolling in the executive suite: data insecurity. Left, until now, to geeky, low-level IT staff to put right, and seen as a concern only of data-rich industries such as banking, telecoms and air travel, information protection is now high on the boss's agenda in businesses of every variety.
never rains but it pours. When the boss and the board just to resolve the worst financial and regulatory issues, strengthen the weak corporate governance, the new problems are threatening them - especially in the U.S. - that allows them to be vicious newspaper headlines, leading to rotation of the senior management team. This new question is: data insecurity. To date, information protection has been left to temporary, low-level information technology staff commitment, just information resource-intensive industry is valued, such as banking, telecommunications and air travel industry, and now, information protection work has become the Industry bosses calendar the first consideration.
Several massive leakages of customer and employee data this year - from organisations as diverse as Polo Ralph Lauren, Time Warner, MCI, the large American defence contractor Science Applications International Corp and even the University of California, Berkeley - have left managers hurriedly peering into their labyrinthine IT systems and business processes in search of potential vulnerabilities.
this year, several major customer and employee information leaks - involves a number of industry organizations such as Paul. Musharraf. Lauren, Time Warner, MCI, U.S. defense contractors: Science Applications International Corporation, and even the University of California, Berkeley - This allows managers rush to check their complex information systems and business processes in order to find potential vulnerabilities.
for on behalf of shareholders investment level for security, redundancy, and recovery is a management issue, not a techie one, Mendelsohn said. Indeed, as the existence of accounting principles, like the concept, it is fair safety measures may be made of the time. Columbia Business School from New York, the love you ? Noam said: for data security, redundancy and recovery set a reasonable investment criteria is a management issue, not technical issues.
The mystery is that this should come as a surprise to any boss. Surely it should be obvious to the dimmest executive that trust, that most valuable of economic assets, is easily destroyed and hugely expensive to restore - and that few things are more likely to destroy trust than a company letting sensitive personal data get into the wrong hands.
interesting is: This is the boss of any company is actually a surprising thing. Even the most foolish manager of all will be clear, honest, and as the most valuable economic assets in the factors that can easily be destroyed and want to restore is costly. So, again nothing more than a company to sensitive personal information falling into the hands of people who do not appropriate more damage to the credibility of this company thing.
Don't ask, don't tell
do not ask, do not say.
Such complacency may have been encouraged - though not justified - by the lack of legal penalty (in America, but not Europe) for data leakage. Until California recently passed a law, American firms did not have to tell anyone, even the victim, when data went astray. That may change fast: lots of proposed data-security legislation is now doing the rounds in Washington, DC. Meanwhile, the theft of information about some 40m credit-card accounts in America, disclosed on June 17th, overshadowed a hugely important decision a day earlier by America's Federal Trade Commission (FTC) that puts corporate America on notice that regulators will act if firms fail to provide adequate data security.
in the United States, not Europe, the information disclosure of legal penalty the lack of regulations, although the company can not defend this complacency, but may have had the encouragement. U.S. companies, when the data is a problem, do not tell anyone, even the victims themselves, the situation, until recently, California passed a law, be corrected. This situation may soon change: a lot of proposed legislation on data security rounds in Washington. Meanwhile, the June 17 disclosure of the nation's 4 million related to credit card account information theft, and sometimes shocked the nation, the day before the Federal Trade Commission adopted an extremely important decision but has not been adequately compared with the attention. The decision to remind all American companies note that if the company can not provide sufficient data to security measures, then the regulators will take action.
The FTC decided to settle with BJ's Wholesale Club, a retailer whose lax data-protection practices the agency said constituted an it, lacked password protections and left its wireless network open. This, in turn, enabled criminals to produce counterfeit credit and debit cards using stolen customer data and rack up millions of dollars in fraudulent charges. The firm has agreed to fix these problems and undergo information-security audits for 20 years.
the U.S. Federal Trade Commission has decided to BJ Wholesale Club stores reconciliation, the U.S. Federal Trade Commission, said the retailer of loose data protection measures constitute a destruction of federal law of unfair measures. The company collected too much data, and hold for too long, not data encryption, password protection, and it lacks a wireless network open. This allows criminals to produce counterfeit debit cards used to steal customer data and a large number of fraudulent transactions in the money grab. The company has agreed to address these issues and accept the supervision and examination of information security for 20 years.
Many of the worst recent data leakages resulted from failure of the most basic kind
This settlement represents a big step for the FTC, which had settled various other cases concerning sloppy data management since 2001 - including against Eli Lilly, clothing designer Guess, Tower Records and Microsoft - but did so on narrow, technical grounds. For instance, in several cases the FTC applied the doctrine of cause of data breaches the most basic work in this failure. Solution to this problem the U.S. Federal Trade Commission on behalf of a major step forward, since 2001, the U.S. Federal Trade Commission has resolved a variety of other data management lax as the emergence of cases - but they are in a narrow technical on. For example, in some cases, the U.S. Federal Trade Commission declared that do not perform data security company using
In its settlement with BJ's, the FTC used its broad failing to implement certain practices. The BJ's case, said FTC chair Deborah Platt Majoras, signalled the regulator's used his broad In action, it asked the U.S. Federal Trade Commission should have evidence of substantial harm to customers and the company failed to implement the relevant measures and there is no reasonable basis to this evidence. U.S. Federal Trade Commission Chairman Pratt. Majoras said: BJ the case to issue such a signal, the regulator intends to not adequately protect sensitive customer information, corporate challenge.
may be time for a data-protection committee, he argues. Bosses must ensure that there are effective data risk-management processes in place, be aware of their greatest vulnerabilities and promote a corporate culture that acknowledges data risks rather than hides them.
After all, the Board has audit committee and remuneration committee. George. Wuestemann that now may be time to preparing a Data Protection Commission. Owners must ensure that the existence of an effective risk protection program data, the weak point of their greatest concern and to implement the data risks, not avoid recognition of the risk of data the company philosophy.
But the problem is often a lack of understanding by senior managers not just of technology but of business processes, says Thomas Parenty, author of ). senior management not a lack of understanding of technology but a lack of understanding of business processes. says. . The auditors inspect technology systems, data flow and the controls on access to data within an organisation and with its business partners.
then the boss should do? accounting firms and consulting firms have found through the control of an independent security and privacy audits to profit opportunities - for most companies, they have no doubt that the huge spending in this area is very worthwhile. These auditors audit systems, data flow and internal company or business partners control of data acquisition.
A wise boss will also appoint a senior executive to be responsible for data security - and not just to have a convenient scapegoat in the event of a leak. Diana Glassman, a data protection expert, says that a useful first step would be for the boss to write to all employees reminding them of the risks and potential cost of data leakage, and asking them, before passing data to anyone else, to question whether that person truly needs, or is entitled to, it.
smart boss will also appoint a senior executive director to be responsible for data security - and not in the event of a leak of data easily (convenient) caught a scapegoat prevarication. data protection expert Diana. Glassman said, the boss is an effective first step should be to write to all employees reminding them of data leakage will be open to the risks and potential costs, while allowing them in to transfer data to any other person before that person really think about it need the data or the right to have the data.
Many of the worst recent data leakages resulted from failure of the most basic kind. The data-processing firm that suffered the breach that exposed 40m credit-card accounts was not in compliance with the security standards of Visa and MasterCard - which may now find themselves liable for negligence. If nothing else gets bosses to focus on data security, surely the prospect of ending up in court will.
a large number of malignant causes of data loss from this event the failure of the most basic work. bear against the safety standards and exposure to 4 million credit card account information at the time the data processing company credit card seems to just not follow safety standards - and it now appears they may find themselves on their own mistake ignore data security. If nothing else can make the boss concerned about data security, then the consequences of legal action in court (prospect) up for you.

