SEARCH RESULTS
 
Showing 1-10 of 391 records
 
UK's Information Commissioner gets expanded powers in Criminal Justice and Immigration Act -- will be able to impose steep fines on organizations

2008-05-15 00:00:00 by Shannon Kellogg in Speaking of Security, the RSA Blog and Podcast
 
...organizations that "deliberately" or "recklessly" violate the U.K.'s "Data Protection Act", or DPA, of 1998. In a little noticed amendment to the Criminal Justice and Immigration Act of 2008, the 1998 DPA was updated to enable the Information Commissioner to impose serious fines on organizations. This change in the UK's data protection law...
 
 
 
 
 
Users continue to ignore security policies, while security organizations are overlooking non-technical controls

2007-12-13 12:37:00 by Ryan Shopp in practical risk management
...Organizations must realize that a large proportion of information security problems extend far beyond technology and learn to appreciate the role that less technical controls, such as policy development, play in minimizing security breaches' impact on mission-critical operations. So this begs the question, "when was the last time your...
 
 
 
 
 
Healthcare organizations feeling cyberattacks growing

2008-02-27 00:00:00 by Ellen Messmer in Network World on Security
 
Healthcare organizations feel under increasing attack from the Internet, while security incidents involving insiders and disappearing laptops with sensitive data are piling up. On top of that, there's now the prospect of a surprise audit from the federal government agency in charge of overseeing the HIPAA security and privacy rules
 
 
 
 
 
Data Leak Risks: A Problem Mid-Size Organizations Can't Ignore

2008-02-28 14:00:00 by Editor in Computerworld Security News
 
...organizations of all sizes must act to protect sensitive data. This whitepaper explores the sources of data leaks, what a data breach could cost your organization, and what mid-size companies should look for in a solution
 
 
 
 
 
Ask the Auditor: Who is Responsible for Information Security?

2007-12-29 06:24:50 by Editor in Security Links
 
...organizations assets, including information assets. Managers must also review and monitor security controls to ensure they are appropriate, despite ever-changing risks and business requirements. This is, in fact, a form of auditing information security. And, finally, managers who own business-unit information should also help define their...
 
 
 
 
 
Defining Risk Management

2008-02-05 18:52:39 by Paul Proctor, Research VP in IT Leaders - Security and Risk Management
 
...organizations to struggle at the top with clearly defining what enterprise risk management (ERM) means to their organization, and at the bottom with defining what "risk" people do vs. their counterparts in traditional operational roles. Even within the various risk management groups, organizations must clearly define how responsibility is...
 
 
 
 
 
Compliance is critical

2008-07-15 15:25:12 by JonesJ in RiskAnalys.is
...organizations own policies and standards. Compliance with external standards has its place too (unfortunately), but we'll pick that up in another post. Think about it. In most cases, if an organization was completely, 100% compliant with its own policies and standards, it would almost certainly have a much lower level of risk exposure than most...
 
 
 
 
 
Here Comes Everybody Review

2008-11-25 07:39:13 by schneier in Schneier on Security
 
...organizations exist? Why don't people just buy and sell their own services in a market instead? Coase, who won the 1991 Nobel Prize in Economics, answered the question by noting a market's transaction costs: buyers and sellers need to find one another, then reach agreement, and so on. The Coase theorem implies that if these transaction costs...
 
 
 
 
 
New Research Outlines Key Steps to Protect Sensitive Data - December 5, 2007

2007-12-28 12:18:16 by zaruba in Security Links
 
...organizations globally, concludes that only one in ten organizations is in the enviable position of adequately protecting their sensitive data. The report also analyzes the variables between those companies that are leaders and laggards in the area of data protection, providing insight into which actions and best practices can lead to less...