7 Steps to Protect Your Company from a Data Breach
|
|
- Harold Wilkins
- 8 years ago
- Views:
Transcription
1 7 Steps to Protect Your Company from a Data Breach August 11, 2015 Michael Pinna and Stuart Nussbaum Millions of government personnel files were recently compromised as part of a malicious hacking of the federal government s Office of Personnel Management (OPM) and the Interior Department. As the human resources department for the federal government, the OPM maintains personnel files on all employees and also issues security clearances, which makes this cybersecurity breach particularly damaging. While the federal government is a likely target for malicious hacking, the most common targets historically have been retailers and other companies that maintain databases of credit card information. One of the most notable breaches of the last few years was the massive 2013 compromise of Target Corp. s systems, which affected as many as 110 million customers during the year s busiest shopping season. From Nov. 27 until mid-december, hackers accessed customer names, mailing addresses, phone numbers, addresses, and credit card information. By Dec. 15, Target had a third-party forensic team in place and the attack mitigated. On Dec. 18, the story broke as a result of a posting by a security blogger. Finally, Target informed the
2 affected credit/debit card-wielding shoppers who had made purchases at one of the company s stores during the attack that their personal and financial information had been compromised. The event also led to the eventual resignation of the company s CEO in As a result of the breach, Target improved cybersecurity: Its corporate website describes various changes made to security procedures and protocols, including improved monitoring, firewalls, and password usage. Many experts have analyzed how the breach happened and evaluated Target s response, and have identified several steps that companies regardless of their size can take to better protect themselves. Remember: Aside from any payments resulting from trial judgments or settlements with plaintiffs, as well as significant fees and penalties, a business can lose significant revenue due to reputational damage. 1. Appoint a chief information security officer to oversee the information security program. Having an officer knowledgeable in data security best practices will enable the company to develop a plan on how to best protect itself from a data hack, including establishing security-awareness training programs and implementing security-related technology. Designating a chief information security officer also shows the rest of the organization that the company views data security seriously and helps support a culture sensitive to the protection of data. 2. Implement updated security technology. Updating technology is often a cost-benefit decision. Industry experts have pointed out that most companies and the United States as a country use antiquated data and credit card security technology. For example, chip card technology in credit cards is used in Europe, but will not be fully implemented in the United States for another few years.
3 3. Conduct periodic security audits. A security audit is a measurable assessment of a company s security policies. After the Target attack, the company admitted it had missed certain warning signs about potential security gaps, which could have turned up in a security audit. Many companies have frequent audits listed as one of their information and security procedures, but do not actually conduct. While a detailed security audit should be performed periodically, all Internetfacing systems should undergo a vulnerability scan at least quarterly to identify any threats or updates that need to be applied. Software to perform such vulnerability scans is readily available in the marketplace. 4. Establish a clean desk policy. All employees in an organization should be cognizant of making sure they do not leave sensitive or confidential information in any location that could be accessed by unauthorized people. This includes paper data that can be left in a conference room or office, as well as electronic files that may be left on a network, unprotected computer, or in an inbox. Establishing passwordprotection protocols with mandatory, frequent password changes and a security-awareness program should be a part of every company s data security initiative. 5. Establish an incident response plan. After a breach is discovered, the top priority is usually fixing the breach at all costs. This is the correct approach for the technical team; however, others within the company need to simultaneously begin considering how the breach will be communicated to the public and those affected, as well as creating a response plan to mitigate any negative fallout. The plan needs to address the actions to be taken throughout the company in areas outside of IT, including human resources, legal, customer service, executive management, and corporate/investor relations. Many Target customers wanted to talk to someone at the company
4 about the breach, but couldn t get through, which compounded the existing damage. 6. Communicate a problem right away. Although the timing of the data breach was not under Target s control and occurred at the worst time of year, the company did have full control over when and how to break the news to the public. Target waited days after discovering the problem before alerting customers. A company should be willing to disclose problems like this right away to control the flow of information and ensure that the correct information is being disseminated on a timely basis. 7. Extend security practices to customers and vendors. A company can have the best security practices in the world, but if it shares data with customers and/or vendors through its systems, a weakness in the vendors or customers systems or processes could inadvertently find its way back into the company s systems. It is critical that companies develop some type of vendor/customer management processes that monitor compliance of those vendors/customers that share electronic data with basic security parameters. While it is difficult to control systems maintained by an outside party, a company can at least understand the risks and take any necessary actions to mitigate them. The hackers who attacked Target demonstrated extraordinary capabilities in successfully orchestrating the 2013 data breach. The increasing number of data breaches shows the current value of credit card data in the criminal marketplace. Having your company be cognizant of the importance of data security best practices and implementing proper security measures will help keep your company from becoming the next victim. About the authors: Stuart Nussbaum is a partner and Michael Pinna is a director at WeiserMazars LLP.
5 excellence/7 steps to protectyour company from a data breach
Impact of Data Breaches
Research Note Impact of Data Breaches By: Divya Yadav Copyright 2014, ASA Institute for Risk & Innovation Applicable Sectors: IT, Retail Keywords: Hacking, Cyber security, Data breach, Malware Abstract:
More informationCybersecurity: Protecting Your Business. March 11, 2015
Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks
More informationPCI Compliance for Healthcare
PCI Compliance for Healthcare Best practices for securing payment card data In just five years, criminal attacks on healthcare organizations are up by a stunning 125%. 1 Why are these data breaches happening?
More informationIDENTIFYING AND RESPONDING TO DATA BREACHES
IDENTIFYING AND RESPONDING TO DATA BREACHES Michael P. Hindelang Honigman Miller Schwartz and Cohn LLP October 14, 2015 Merit Security Summit DATA SECURITY RISKS, THREATS & REAL WORLD EXAMPLES OVERVIEW
More informationTen Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder
Ten Questions Your Board Should be asking about Cyber Security Eric M. Wright, Shareholder Eric Wright, CPA, CITP Started my career with Schneider Downs in 1983. Responsible for all IT audit and system
More informationWhy is this National Cyber Security Month? Stephen G. Austin, CPA, MBA Swenson Advisors, LLP
Why is this National Cyber Security Month? Stephen G. Austin, CPA, MBA, LLP Created as a collaborative effort between government and industry to ensure every American has the resources they need to stay
More informationDATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH
DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH Andy Watson Grant Thornton LLP. All rights reserved. CYBERSECURITY 2 SURVEY OF CHIEF AUDIT EXECUTIVES (CAEs) GRANT THORNTON'S 2014 CAE SURVEY Data privacy and
More informationPayment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008
Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008 What is the PCI DSS? And what do the acronyms CISP, SDP, DSOP and DISC stand for? The PCI DSS is a set of comprehensive requirements
More informationPCI Compliance: Protection Against Data Breaches
Protection Against Data Breaches Get Started Now: 877.611.6342 to learn more. www.megapath.com The Growing Impact of Data Breaches Since 2005, there have been 4,579 data breaches (disclosed through 2013)
More informationUsing Automated, Detailed Configuration and Change Reporting to Achieve and Maintain PCI Compliance Part 4
WHITEPAPER Using Automated, Detailed Configuration and Change Reporting to Achieve and Maintain PCI Compliance Part 4 An in-depth look at Payment Card Industry Data Security Standard Requirements 10, 11,
More informationIf You Shopped at Target from November 27 through December 18, 2013 or Received Notice That Your Personal Information Was Compromised,
UNITED STATES DISTRICT COURT FOR THE DISTRICT OF MINNESOTA If You Shopped at Target from November 27 through December 18, 2013 or Received Notice That Your Personal Information Was Compromised, You Could
More informationThe Impact of Wireless LAN Technology on Compliance to the PCI Data Security Standard
The Impact of Wireless LAN Technology on to the PCI Data Security Standard 339 N. Bernardo Avenue, Suite 200 Mountain View, CA 94043 www.airtightnetworks.net Wireless LANs and PCI Retailers today use computers
More informationAre You Ready for PCI 3.1?
Are You Ready for PCI 3.1? Are You Ready for PCI 3.1? If your hotel is not PCI compliant, it should be. Every time a customer hands over their credit card, they trust your hotel to keep their information
More informationSecuring Remote Vendor Access with Privileged Account Security
Securing Remote Vendor Access with Privileged Account Security Table of Contents Introduction to privileged remote third-party access 3 Do you know who your remote vendors are? 3 The risk: unmanaged credentials
More informationPCI Compliance. Top 10 Questions & Answers
PCI Compliance Top 10 Questions & Answers 1. What is PCI Compliance and PCI DSS? 2. Who needs to follow the PCI Data Security Standard? 3. What happens if I don t comply? 4. What are the basic requirements
More informationNATIONAL CYBER SECURITY AWARENESS MONTH
NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the
More informationAttachment A. Identification of Risks/Cybersecurity Governance
Attachment A Identification of Risks/Cybersecurity Governance 1. For each of the following practices employed by the Firm for management of information security assets, please provide the month and year
More information4 Ways an Information Security Analyst Improves Business Productivity
4 Ways an Information Security Analyst Improves Business Productivity www.gr e xo.co m 4 Ways an Information Security Analyst Improves Business Productivity The increase of data breaches and hackers has
More informationData Security. So many businesses leave their data exposed, That doesn t mean you have to. 2014 Computerbilities, Inc.
Data Security So many businesses leave their data exposed, That doesn t mean you have to. 2014 Computerbilities, Inc. Table of Contents: 1. Introduction 3 2. Cybersecurity: The loopholes in the system
More informationFrequently Asked Questions
PCI Compliance Frequently Asked Questions Table of Content GENERAL INFORMATION... 2 PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)...2 Are all merchants and service providers required to comply
More informationInternet threats: steps to security for your small business
Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential
More informationI ve been breached! Now what?
I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have
More informationFive keys to a more secure data environment
Five keys to a more secure data environment A holistic approach to data infrastructure security Compliance professionals know better than anyone how compromised data can lead to financial and reputational
More informationInsurance Considerations Related to Data Security and Breach in Outsourcing Agreements
Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements Greater New York Chapter Association of Corporate Counsel November 19, 2015 Stephen D. Becker, Executive Vice President
More informationAUDIT TAX SYSTEMS ADVISORY
AUDIT TAX SYSTEMS ADVISORY Presented by: Jim Rumph Introduction JIM RUMPH, CISA Systems Manager Jim is a graduate of the University of Georgia with a Bachelor of Business Administration in Accounting and
More informationDATA BREACH BREAK DOWN LESSONS LEARNED FROM TARGET
DATA BREACH BREAK DOWN LESSONS LEARNED FROM TARGET 2014 NSGA Management Conference John Webb Jr., CIC Emery & Webb, Inc. Inga Goddijn, CIPP/US Risk Based Security, Inc. Not just a big business problem
More informationFinding a Cure for Medical Identity Theft
Finding a Cure for Medical Identity Theft A look at the rise of medical identity theft and what small healthcare organizations are doing to address threats October 2014 www.csid.com TABLE OF CONTENTS SUMMARY
More informationAccess is power. Access management may be an untapped element in a hospital s cybersecurity plan. January 2016. kpmg.com
Access is power Access management may be an untapped element in a hospital s cybersecurity plan January 2016 kpmg.com Introduction Patient data is a valuable asset. Having timely access is critical for
More informationNew PCI Standards Enhance Security of Cardholder Data
December 2013 New PCI Standards Enhance Security of Cardholder Data By Angela K. Hipsher, CISA, QSA, Jeff A. Palgon, CPA, CISSP, QSA, and Craig D. Sullivan, CPA, CISA, QSA Payment cards a favorite target
More informationHacking Book 1: Attack Phases. Chapter 1: Introduction to Ethical Hacking
Hacking Book 1: Attack Phases Chapter 1: Introduction to Ethical Hacking Objectives Understand the importance of information security in today s world Understand the elements of security Identify the phases
More informationCybersecurity Best Practices
Ten Essential Cybersecurity Best Practices Banking Business Employees Brought to you by: 1 Did you know? One in five small-to-medium-sized companies were the victims of cyber breaches in 2013.1 In 76%
More informationThird-Party Access and Management Policy
Third-Party Access and Management Policy Version Date Change/s Author/s Approver/s Dean of Information Services 1.0 01/01/2013 Initial written policy. Kyle Johnson Executive Director for Compliance and
More informationSOMEBODY'S WATCHING YOU! Maritime Cyber Security White Paper. Safeguarding data through increased awareness
SOMEBODY'S WATCHING YOU! Maritime Cyber Security White Paper Safeguarding data through increased awareness November 2015 1 Contents Executive Summary 3 Introduction 4 Martime Security 5 Perimeters Breached
More informationHow To Protect Your Credit Card Information From Being Stolen
Visa Account Information Security Tool Kit Welcome to the Visa Account Information Security Program 2 Contents 1. Securing cardholder data is everyone s concern 4 2. Visa Account Information Security (AIS)
More informationSecurity Management. Keeping the IT Security Administrator Busy
Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching
More informationOVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii
The Office of the Auditor General has conducted a procedural review of the State Data Center (Data Center), a part of the Arizona Strategic Enterprise Technology (ASET) Division within the Arizona Department
More informationNetwork Security Policy
Network Security Policy I. PURPOSE Attacks and security incidents constitute a risk to the University's academic mission. The loss or corruption of data or unauthorized disclosure of information on campus
More informationBEFORE THE BREACH: Why Penetration Testing is Critical to Healthcare IT Security
BEFORE THE BREACH: Why Penetration Testing is Critical to Healthcare IT Security August 2014 w w w.r e d s p in.c o m Introduction This paper discusses the relevance and usefulness of security penetration
More informationAuditing After a Cyber Attack JAX IIA Chapter Meeting Cybersecurity and Law Enforcement
Auditing After a Cyber Attack JAX IIA Chapter Meeting Cybersecurity and Law Enforcement Copyright Elevate Consult LLC. All Rights Reserved 1 Presenter Ray Guzman MBA, CISSP, CGEIT, CRISC, CISA Over 25
More informationDATA SECURITY HACKS, HIPAA AND HUMAN RISKS
DATA SECURITY HACKS, HIPAA AND HUMAN RISKS MSCPA HEALTH CARE SERVICES SEMINAR Ken Miller, CPA, CIA, CRMA, CHC, CISA Senior Manager, Healthcare HORNE LLP September 25, 2015 AGENDA 2015 The Year of the Healthcare
More informationHow To Protect Visa Account Information
Account Information Security Merchant Guide At Visa, protecting our cardholders is at the core of everything we do. One of the many reasons people trust our brand is that we make buying and selling safer
More informationOvercoming PCI Compliance Challenges
Overcoming PCI Compliance Challenges Randy Rosenbaum - Security Services Exec. Alert Logic, CPISM Brian Anderson - Product Manager, Security Services, SunGard AS www.sungardas.com Goal: Understand the
More informationWhitepaper. PCI Compliance: Protect Your Business from Data Breach
Merchants often underestimate the financial impact of a breach. Direct costs include mandatory forensic audits, credit card replacement, fees, fines and breach remediation. PCI Compliance: Protect Your
More informationPayment Card Industry Data Security Standard (PCI DSS)
Payment Card Industry Data Security Standard (PCI DSS) WARNING: Your company may be in noncompliance with the Payment Card Industry Data Security Standard (PCI DSS), placing it at risk of brand damage,
More informationFIGHTING FRAUD: IMPROVING INFORMATION SECURITY TESTIMONY OF JOHN J. BRADY VICE PRESIDENT, MERCHANT FRAUD CONTROL MASTERCARD INTERNATIONAL
FIGHTING FRAUD: IMPROVING INFORMATION SECURITY TESTIMONY OF JOHN J. BRADY VICE PRESIDENT, MERCHANT FRAUD CONTROL MASTERCARD INTERNATIONAL Before the Subcommittee on Financial Institutions and Consumer
More informationHow To Protect Yourself From A Hacker Attack
Cybersecurity Demystified: Information Technology Security Trends Joe Oleksak, Plante Moran Agenda Data Security Trends Example Attacks Industry Examples An Answer 1 Who Are The Victims? Targets - victims
More informationN-Dimension Solutions Cyber Security for Utilities
AGENDA ITEM NO.: 3.A. MEETING DATE; 08/18/2014 N-Dimension Solutions Cyber Security for Utilities Cyber Security Protection for Critical Infrastructure Assets The cyber threat is escalating - Confidential
More informationWritten Information Security Programs: Compliance with the Massachusetts Data Security Regulation
View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation MELISSA J. KRASNOW, DORSEY & WHITNEY LLP
More informationMitigating and managing cyber risk: ten issues to consider
Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed
More informationNew York State Department of Financial Services. Report on Cyber Security in the Insurance Sector
New York State Department of Financial Services Report on Cyber Security in the Insurance Sector February 2015 Report on Cyber Security in the Insurance Sector I. Introduction Cyber attacks against financial
More informationAre your people playing an effective role in your cyber resilience?
Are your people playing an effective role in your cyber resilience? 01 Cyber attacks are now business as usual for organizations around the world. Organizations have typically trusted in technology to
More informationPayment Security Account Data Compromise (ADC)
Payment Security Account Data Compromise (ADC) 10 th July 2014 Michael Christodoulides & Louise Hunt All information correct at time of presentation Introductions Barclaycard has become increasingly aware
More informationDATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT
Advisor Article DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT By James R. Carroll, David S. Clancy and Christopher G. Clark* Skadden, Arps, Slate, Meagher & Flom Customer data security
More informationPanel Title: Data Breaches: Industry and Law Enforcement Perspectives on Best Practices
Panel Title: Data Breaches: Industry and Law Enforcement Perspectives on Best Practices Over the course of this one hour presentation, panelists will cover the following subject areas, providing answers
More informationPCI Compliance Top 10 Questions and Answers
Where every interaction matters. PCI Compliance Top 10 Questions and Answers White Paper October 2013 By: Peer 1 Hosting Product Team www.peer1.com Contents What is PCI Compliance and PCI DSS? 3 Who needs
More informationHow to Protect Sensitive Corporate Data against Security Vulnerabilities of Your Vendors
How to Protect Sensitive Corporate Data against Security Vulnerabilities of Your Vendors July 2014 Executive Summary Data breaches cost organizations millions and sometimes even billions of dollars in
More informationBecoming PCI Compliant
Becoming PCI Compliant Jason Brown - brownj52@michigan.gov Enterprise Security Architect Enterprise Architecture Department of Technology, Management and Budget State of Michigan @jasonbrown17 History
More informationIncident Response Plan for PCI-DSS Compliance
Incident Response Plan for PCI-DSS Compliance City of Monroe, Georgia Information Technology Division Finance Department I. Policy The City of Monroe Information Technology Administrator is responsible
More informationONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS
$ ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS Boston Private Bank & Trust Company takes great care to safeguard the security of your Online Banking transactions. In addition to our robust security
More informationInformation Security
Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff
More informationa new approach to IT security
REPRINT FEBRUARY 2013 healthcare financial management association hfma.org a new approach to IT security FEATURE STORY REPRINT FEBRUARY 2013 healthcare financial management association hfma.org a new approach
More informationStandard: Information Security Incident Management
Standard: Information Security Incident Management Page 1 Executive Summary California State University Information Security Policy 8075.00 states security incidents involving loss, damage or misuse of
More informationCollege of DuPage Information Technology. Information Security Plan
College of DuPage Information Technology Information Security Plan April, 2015 TABLE OF CONTENTS Purpose... 3 Information Security Plan (ISP) Coordinator(s)... 4 Identify and assess risks to covered data
More informationSMALL BUSINESS PRESENTATION
STOP.THINK.CONNECT NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION ABOUT STOP.THINK.CONNECT. In 2009, President Obama issued the Cyberspace Policy Review, which tasked the Department
More informationQuestions You Should be Asking NOW to Protect Your Business!
Questions You Should be Asking NOW to Protect Your Business! Angi Farren, AAP Senior Director Jen Wasmund, AAP Compliance Services Specialist 31 st Annual Conference SHAPE YOUR FUTURE April 23, 2013 Regional
More informationPayment Card Crime Hotels Face Great Security Risks
Payment Card Crime Hotels Face Great Security Risks What You Can Do to Protect You and Your Guests Payment Card Crime in the Hotel Industry Trafficking stolen payment card data is a thriving business.
More informationInformation Security Risk Assessment Methodology
Information Security Risk Assessment Methodology An Information security risk assessment should take into account system-level risk (inclusive of applications and systems) and process-level risk (inclusive
More informationIs the PCI Data Security Standard Enough?
Is the PCI Data Security Standard Enough? By: Christina M. Freeman ICTN 6870 Advanced Network Security Abstract: This paper will present the researched facts on Payment Card Industry Data Security Standard
More informationManaging IT Security with Penetration Testing
Managing IT Security with Penetration Testing Introduction Adequately protecting an organization s information assets is a business imperative one that requires a comprehensive, structured approach to
More informationLaw Firm Cyber Security & Compliance Risks
ALA WEBINAR Law Firm Cyber Security & Compliance Risks James Harrison CEO, INVISUS Breach Risks & Trends 27.5% increase in breaches in 2014 (ITRC) Over 500 million personal records lost or stolen in 2014
More informationSpecific observations and recommendations that were discussed with campus management are presented in detail below.
CSU The California State University Office of Audit and Advisory Services INFORMATION SECURITY California State University, San Bernardino Audit Report 14-55 March 18, 2015 EXECUTIVE SUMMARY OBJECTIVE
More informationHow To Protect Yourself From Cyber Threats
Cyber Security for Non- Profit Organizations Scott Lawler CISSP- ISSAP, ISSMP, HCISPP Copyright 2015 LP3 May 2015 Agenda IT Security Basics e- Discovery Compliance Legal Risk Disaster Plans Non- Profit
More informationPAI Secure Program Guide
PAI Secure Program Guide A complete guide to understanding the Payment Card Industry Data Security Requirements and utilizing the PAI Secure Program. Letter From the CEO Welcome to PAI Secure. As you
More informationKim Decarolis Compliance and Security Specialist decarolisk@anx.com (248) 447-4073. Mark Wayne Vice President Compliance and Security Specialist
Target, Starbucks, Neiman Marcus Will your pharmacy be the next data breach victim? Kim Decarolis Compliance and Security Specialist decarolisk@anx.com (248) 447-4073 Mark Wayne Vice President Compliance
More informationCybersecurity Risk Factors: Five Tips to Consider When Any Public Company Might be The Next Target
10 February 2014 Practice Groups: Capital Markets Insurance Coverage The text of this article was first published by Law360 on February 10, 2014. Cybersecurity Risk Factors: Five Tips to Consider When
More informationCybersecurity and internal audit. August 15, 2014
Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices
More informationOn Dec 18, 2013, the public discovered that Target America s second largest retailer
James Harootunian BA 2196 Section 20/ Professor Miller Writing Assignment: Crisis Communication On Dec 18, 2013, the public discovered that Target America s second largest retailer had experienced a massive
More informationHow One Smart Phone Picture Can Take Down Your Company
SESSION ID: HUM-R04 How One Smart Phone Picture Can Take Down Your Company Dr. Larry Ponemon Chairman and Founder Ponemon Institute @Ponemon Have You Ever Felt Wandering Eyes Over Your Shoulder? Username:
More informationAchieving Compliance with the PCI Data Security Standard
Achieving Compliance with the PCI Data Security Standard June 2006 By Alex Woda, MBA, CISA, QDSP, QPASP This article describes the history of the Payment Card Industry (PCI) data security standards (DSS),
More informationCyber Risk Management
Cyber Risk Management A short guide to best practice Insight October 2014 So what exactly is 'cyber risk'? In essence, cyber risk means the risk connected to online activity and internet trading but also
More informationCyber Threats: Exposures and Breach Costs
Issue No. 2 THREAT LANDSCAPE Technological developments do not only enhance capabilities for legitimate business they are also tools that may be utilized by those with malicious intent. Cyber-criminals
More informationInformation Technology Security Review April 16, 2012
Information Technology Security Review April 16, 2012 The Office of the City Auditor conducted this project in accordance with the International Standards for the Professional Practice of Internal Auditing
More informationBetter secure IT equipment and systems
Chapter 5 Central Services Data Centre Security 1.0 MAIN POINTS The Ministry of Central Services, through its Information Technology Division (ITD), provides information technology (IT) services to government
More informationWhite Paper September 2013 By Peer1 and CompliancePoint www.peer1.com. PCI DSS Compliance Clarity Out of Complexity
White Paper September 2013 By Peer1 and CompliancePoint www.peer1.com PCI DSS Compliance Clarity Out of Complexity Table of Contents Introduction 1 Businesses are losing customer data 1 Customers are learning
More informationPCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst. 2010. Page 1 of 7 www.ecfirst.com
Policy/Procedure Description PCI DSS Policies Install and Maintain a Firewall Configuration to Protect Cardholder Data Establish Firewall and Router Configuration Standards Build a Firewall Configuration
More informationCyber Risks in the Boardroom
Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks in a Changing
More informationSurviving the Era of Hack Attacks Cyber Security on a Global Scale
Surviving the Era of Hack Attacks Cyber Security on a Global Scale Dr. Adriana Sanford ASU Lincoln Professor of Global Corporate Compliance and Ethics Clinical Associate Professor of Law and Ethics This
More informationHow to Reduce Web Vulnerability Scanning Times
How to Reduce Web Vulnerability Scanning Times www.alliancetechpartners.com How to Reduce Web Vulnerability Scanning Times It shouldn t be surprising cyber crime is costly to any business. Between the
More informationInformation Security & Privacy Solutions Enabling Information Governance
Information Security & Privacy Solutions Enabling Information Governance LYNDA KEITANY IM SALES SPECIALIST July 11, 2012 What s at Stake? Damage to company reputation Brand equity damage; negative publicity
More informationNEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT
Appendix A to 11-02-P1-NJOIT NJ OFFICE OF INFORMATION TECHNOLOGY P.O. Box 212 www.nj.gov/it/ps/ 300 Riverview Plaza Trenton, NJ 08625-0212 NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT The Intent
More informationCREDIT CARD MERCHANT PROCEDURES MANUAL. Effective Date: 5/25/2011
CREDIT CARD MERCHANT PROCEDURES MANUAL Effective Date: 5/25/2011 Updated: May 25, 2011 TABLE OF CONTENTS Introduction... 1 Third-Party Vendors... 1 Merchant Account Set-up... 2 Personnel Requirements...
More informationCommon Data Breach Threats Facing Financial Institutions
Last Updated: February 25, 2015 Common Data Breach Threats Facing Financial s Although exact figures are elusive, there is no question that the number of data security breaches both reported and unreported
More informationINFORMATION SECURITY Humboldt State University
CSU The California State University Office of Audit and Advisory Services INFORMATION SECURITY Humboldt State University Audit Report 14-50 October 30, 2014 EXECUTIVE SUMMARY OBJECTIVE The objectives of
More informationDEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER
DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND Introduction > New security threats are emerging all the time, from new forms of malware and web application exploits that target
More informationSECTION: SUBJECT: PCI-DSS General Guidelines and Procedures
1. Introduction 1.1. Purpose and Background 1.2. Central Coordinator Contact 1.3. Payment Card Industry Data Security Standards (PCI-DSS) High Level Overview 2. PCI-DSS Guidelines - Division of Responsibilities
More informationSecurityMetrics Introduction to PCI Compliance
SecurityMetrics Introduction to PCI Compliance Card Data Compromise What is a card data compromise? A card data compromise occurs when payment card information is stolen from a merchant. Some examples
More informationPCI Compliance: How to ensure customer cardholder data is handled with care
PCI Compliance: How to ensure customer cardholder data is handled with care Choosing a safe payment process for your business Contents Contents 2 Executive Summary 3 PCI compliance and accreditation 4
More informationwww.pwc.com Cybersecurity and Privacy Hot Topics 2015
www.pwc.com Cybersecurity and Privacy Hot Topics 2015 Table of Contents Cybersecurity and Privacy Incidents are on the rise Executives and Boards are focused on Emerging Risks Banking & Capital Markets
More informationAgenda. Cyber Security: Potential Threats Impacting Organizations 1/6/2015. January 10, 2015 Scott Petree
Cyber Security: Potential Threats Impacting Organizations January 10, 2015 Scott Petree Agenda 2 Data Security Trends Root Causes of Cyber Attacks How Can We Fix This? Secure Infrastructure User Awareness
More informationREGULATIONS FOR THE SECURITY OF INTERNET BANKING
REGULATIONS FOR THE SECURITY OF INTERNET BANKING PAYMENT SYSTEMS DEPARTMENT STATE BANK OF PAKISTAN Table of Contents PREFACE... 3 DEFINITIONS... 4 1. SCOPE OF THE REGULATIONS... 6 2. INTERNET BANKING SECURITY
More information