INFORMATION

Site Map - Cybersecurity

Numbers

- 6 Percentage of organizations able to provide new employees access to all required applications and systems on their first day of work, highlighting the inefficiency of identity access and management practices, according to a study conducted by Computer Associates.

Quick Bytes: Encrypting data at rest

- Pressure to comply with regulatory efforts such as Sarbanes-Oxley and Gramm-Leach-Bliley is the key driver of enterprisewide encryption efforts, according to security professionals at 112 financial services companies surveyed by InfoTech, yet just over half of those surveyed said that encryption of data at rest is “a high priority for their organizations.” Less than a third said they think their firms are doing “an adequate job of encrypting data at rest.” Fifty-seven percent plan new encryption efforts in the near future. @ More results from Enterprise Encryption in the Financial Services Sector are available at SM Online.

Following Standard is Not Standard Practice

- Only one in five of the top 200 merchants is in compliance with the Payment Card Industry (PCI) data security standard more than a year after the standard went into effect to improve security among merchants and credit card processors.

A Plan for Sharing

-

Laptop Lessons Learned?

- Who’s responsible for restoring the Web after disruption? Also, advice on laptop security, a book on corporate blogs, and slow compliance with the PCI data security standard.

Who Owns the Net?

- Who’s responsible for restoring the Web after disruption? Also, advice on laptop security, a book on corporate blogs, and slow compliance with the PCI data security standard.

Encrypting data at rest

- Pressure to comply with regulatory efforts such as Sarbanes-Oxley and Gramm-Leach-Bliley is the key driver of enterprisewide encryption efforts, according to security professionals at 112 financial services companies surveyed by InfoTech, yet just over half of those surveyed said that encryption of data at rest is “a high priority for their organizations.”

Laptop Lessons Learned?

- After a spate of well-publicized thefts of government laptops earlier this year, Clay Johnson III, deputy director for management with the Office of Management and Budget, sent a memorandum to department heads urging them to take action to safeguard information properly.

A Site To See

- It’s estimated that millions of Americans each year suffer identity theft. The Federal Trade Commission (FTC) has set up a Web site to help deter, detect, and defend against identity theft. The site contains a number of educational resources, including a 10-minute educational video that provides an overview of the problem, a PowerPoint presentation, and several PDF publications.  

New in Plaintext

- The book is best browsed through in front of a computer, because you’ll be eagerly visiting the Web sites he writes about and trying the software and tactics he describes. Many of the latter I had never heard of. For instance, in a chapter on how to work around censorship (government or corporate) of Web sites, he describes how to access banned Web pages by having them e-mailed to you. No special software is required; just send an e-mail containing the URL of the Web site you want to see to a certain e-mail address, and the full site will be sent back to you inside a return message.

Numbers

- 5 Maximum percentage of IT budget spent on security by the average U.K.-based company, according to a survey of information security breaches by PricewaterhouseCoopers.

Getting Ahead in IT

- If you are an IT security professional or are interested in becoming one, you’ll find a new career guide issued by (ISC)2 to be a helpful resource. The guide describes the types of jobs available (including typical job titles) and explores the various areas of expertise within information security, as well as educational requirements, technical skills needed, salary ranges, and the certifications that can help you advance your career. The guide also includes a list of schools offering IT security curricula and relevant professional associations. @ Career Guide: Decoding the Information Security Profession is at SM Online.

Quick Bytes: Data breach advice

- Not long after a data breach involving the Department of Veterans Affairs, David M. Walker, Comptroller General of the United States and head of the Government Accountability Office, gave testimony to a House committee on steps that can be taken to reduce the likelihood of personal data being stolen. The first is to conduct a privacy-impact assessment before deploying new systems; Walker noted that agencies do not always do this. He also recommended limiting the collection of personal information, and limiting the time that such information is retained. @ Privacy: Preventing and Responding to Improper Disclosures of Personal Information is available at SM Online.
 




Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.