October 01, 2006 — CSO — What to do about the rash of data breaches resulting from lost or stolen laptops? We asked four former CISOs and learned they believe the problems require a three-pronged response: Educate employees and enforce policies designed to regulate their systems use. Minimize human mistakes. And plug technical security gaps.
Our panelists included Bruce Brody, former CISO of the Department of Veterans Affairs who is now VP information security at Input; Chrisan Herrod, former CSO of the Securities and Exchange Commission; Bryan Palma, former CISO of PepsiCo; and consultant Paul Wing, former head of information security and privacy at Scotiabank. They said that companies should identify which data is important to keep secure, and they offered these suggestions for companies that have done so:
• Set up policies and standards for how to protect sensitive data—and check they are being followed. First ask, "Does the information even need to be accessible through a laptop?" If so, "Who should have access?" Next, log when data is accessed and by whom, and assign staff to check that log on a monthly or quarterly basis.
• Secure sensitive data like customers' personal information using more than one technique.
Employ two-factor authentication to mobile data systems, using, for example, a fingerprint reader as well as a password; and time-out functions that require remote access devices to be limited to 30
minutes before requiring reauthorization.
• Enforce your data security policies, with employees and contractors.
–Katherine Walsh
Read more about data protection in CSOonline's Data Protection section.
The challenge of true data protection spans databases, internal and external networks, physical and offsite storage, business partners and more. These resources offer expert perspective from the basics through specific key elements of data protection strategies.
Network security basics
Protection, detection, and reaction—those are the three underlying principles your security program must embody
Computer incident detection, response, forensics
Richard Bejtlich shows how to measure and improve the maturity of your incident response
A few good IT security metrics
Stop counting blocked malware attachments and measure things that can contribute to meaningful change
5 key cloud security trends
Cloud security is evolving rapidly—stay on top of it
IT risk assessment frameworks
How to do end-to-end encryption
How to compare and use enterprise antivirus
Also find sample data protection policies in CSO's tools, templates and policies library
- Introduction to VMware vCenter Site Recovery Manager 5
- Introduction to Virtualization
- Preventing Unplanned Downtime with Server Virtualization
- Secure Cloud Infrastructure and Next-Generation Data Centers - An Interactive Panel for Decision Makers
- Gartner Next Generation Network IPS Webcast
- Understand Your Data: The Future of Backup and Archiving
- Overcome Top 7 Admin Challenges of Active Directory
- Insiders Can Ruin Your Company. Take Action.
- Top Solutions and Tools to Prevent Devastating Malware
- X-Ray of the PCI Process-4 Proactive Steps
- Streamline Compliance and Increase ROI
- Beyond SFTP: Five Ways Secure Managed File Transfer Can Improve Your Business
CSO Corporate Partners
- Patch Tuesday preview, February 2012
Microsoft published its Patch Tuesday Preview for February of 2012 a few minutes ago. IT admins can expect nine bulletins to address 21 security vulnerabilities.
It looks like four bulletins will be rated critical while the rest are designated as important.
Affected Microsoft products are:
- M86 report proves water is wet
- Actor, banker, soldier, spy: Suits and Spooks Anti-Conference aims to redefine security
More Salted Hash with Bill Brenner
