Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Tuesday, January 31, 2006

Identity Theft Laws Elevate Security to the C-Level

Information security should start from the top, experts say.  Numerous breaches in customer data security in 2005 have fueled calls for federal legislation that could lead to onerous security demands on financial institutions that hold consumer information.  Even if legislators show restraint in demanding new controls, it’s time for banks to create C-level security positions, experts suggest.  “

The government must assess the risk associated with certain data types so companies aren’t notifying consumers every time a breach of even noncritical data occurs,” asserts Jerry Cerasale of the Direct Marketing Association (DMA), a New York-based trade association representing more than 5,200 direct, database and interactive marketers.

Fred Cohen, a principal analyst at Burton Group (Midvale, Utah), says enterprises should consider creating new positions or morphing existing ones to prepare for such legislation.  “The position of a chief information security officer (CISO) exists at many large firms, but it has not been a C-level position,” says Cohen.

Posted on 01/31