Regulatory requirements and increasing consumer concerns about information security breaches are making data-level security controls a top priority for 2007, according to IT managers at the Computer Security Institute trade show held here this week. After years of implementing technologies such as firewalls and intrusion-detection systems to keep network perimeters safe, companies now must move similar controls down to the data level, they said. Nonpublic information of all sorts needs to be protected, whether it is at rest or in transit, and that requires an increasing focus on measures such as data classification and encryption, stronger user access and authentication and usage monitoring and auditing, John Ceraolo, director of information security at JM Family Enterprises Inc, said.<\/p>\n","protected":false},"excerpt":{"rendered":"
Most of the “blocking and tackling” that was needed to handle network threats has, to a large extent, already been accomplished via technologies such as firewalls and intrusion-detection and -prevention systems, said Mark Burnett, director of IT security and compliance at Gaylord Entertainment Co. in Nashville. “We are layering technology controls to make sure we can identify where the information is passing across our network” and protect it. The overall driving force behind our [security] program is reputation management. Any one incident could ruin all that work.”<\/p>\n
Also driving the focus are regulations that Gaylord is required to comply with, such as the Sarbanes-Oxley Act and the Payment Card Industry (PCI) data security standard, which is mandated by the major credit card companies, he said. Ann Garrett, the chief information security officer at the North Carolina state office of information technology in Raleigh, said that a new state law governing the use of personally identifiable information has elevated the need for security controls at the data level.<\/p>\n
High-profile breaches such as the one at the Department of Veterans Affairs earlier this year have resulted in an intense scrutiny of data security practices government-wide said Patrick Howard, chief information security officer, at the U.S. Department of Housing and Urban Development.<\/p>\n
http:\/\/www.computerworld.com\/action\/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9004914<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[],"class_list":["post-2163","post","type-post","status-publish","format-standard","hentry","category-trends"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2163","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=2163"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2163\/revisions"}],"predecessor-version":[{"id":4650,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2163\/revisions\/4650"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=2163"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=2163"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=2163"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}