In Brief

Ideas to Head Off Runaway Data

Preventing data breaches from lost or stolen laptops

October 01, 2006 CSO — What to do about the rash of data breaches resulting from lost or stolen laptops? We asked four former CISOs and learned they believe the problems require a three-pronged response: Educate employees and enforce policies designed to regulate their systems use. Minimize human mistakes. And plug technical security gaps.

Our panelists included Bruce Brody, former CISO of the Department of Veterans Affairs who is now VP information security at Input; Chrisan Herrod, former CSO of the Securities and Exchange Commission; Bryan Palma, former CISO of PepsiCo; and consultant Paul Wing, former head of information security and privacy at Scotiabank. They said that companies should identify which data is important to keep secure, and they offered these suggestions for companies that have done so:

• Set up policies and standards for how to protect sensitive data—and check they are being followed. First ask, "Does the information even need to be accessible through a laptop?" If so, "Who should have access?" Next, log when data is accessed and by whom, and assign staff to check that log on a monthly or quarterly basis.

• Secure sensitive data like customers' personal information using more than one technique. Employ two-factor authentication for mobile data systems, using, for example, a fingerprint reader as well as a password, and time-out functions that limit remote access devices to 30 minutes before requiring reauthorization.

• Enforce your data security policies, with employees and contractors.

–Katherine Walsh
