More than half the retailers that collect information from consumers for promotions and marketing campaigns have assigned responsibility for protecting consumer-specific data to a security-program coordinator; an even greater number have provided training to employees regarding consumer privacy and information security. However, fewer than half of the 71 respondents to a survey by the Retail Systems Alert Group have a formal incident response plan for security breaches of consumer data—and a quarter of those never test their plans. The executive summary of the retail data security benchmarking study is at SM Online.
In Information Security Governance Simplified, author Todd Fitzgerald provides an excellent overview of how security managers can create an effective information security program without breaking the bank. He shows the reader how to create a governance program that includes all of the necessary managerial, technical, and operational controls.