Cyber Security Institute

Wednesday, March 08, 2006

Perspective:  Data risk and consequences

The current Federal Trade Commission has little tolerance for companies that fail to take appropriate security measures to protect the financial data of their customers. Indeed, the commission just settled charges brought against CardSystems Solutions and its successor, Solidus Networks, doing business as Pay By Touch Solutions, for allegedly not taking adequate security measures to protect the sensitive information of tens of millions of people. The settlement will require CardSystems and Pay By Touch to institute a comprehensive information security program that will include audits by an independent security professional every other year for 20 years. If they fail to properly protect the financial data of their customers, companies ought to expect FTC scrutiny.

As background to this case, as set forth by the FTC, CardSystems provided merchants with products and services used to obtain approval for credit and debit card purchases from the banks that issued the cards.

The FTC specifically charged that CardSystems created unnecessary risks in storing information, did not adequately assess the vulnerability of its computer network to commonly known attacks, did not implement low-cost and available defenses to such attacks, failed to use strong passwords to ward off hackers, did not use available security measures to limit access between its computer network and the Internet, and failed to employ adequate measures to detect unauthorized access to personal information.

Posted on 03/08