INFORMATION SECURITY
It seems that every day we hear something new about organisations losing personally identifiable information or financially sensitive information.
Information Security is now a hot topic for organisations wanting to avoid the PR nightmare of a security breach, or the large fines that can be imposed on organisations that do not take Information Security seriously.
How do you get back information that has been stolen or published without your consent?
The recent WikiLeaks exposure shows how easily a quarter of a million documents could be stolen and published without the Pentagon noticing until after the announcements were made.
Most criminals or disgruntled employees would not advertise the theft of sensitive information, and the first thing you would know about it would be after a serious breach had already occurred, or the information had already been disclosed (or, as is increasingly common, sold to a competitor).
DATA PROTECTION ACT
New powers under the Data Protection Act allow for fines of up to £500,000 for each breach where negligence can be shown on the part of the organisation.
"The Data Protection Act 1998 is a United Kingdom Act of Parliament which defines UK law on the processing of data on identifiable living people. It is the main piece of legislation that governs the protection of personal data in the UK"
PCI DSS
The Payment Card Industry (PCI) also have strict legislation regarding the storage of financial information.
Failing to meet PCI DSS criteria means that the ability to store credit card information or take payments from credit cards and debit cards can be withdrawn.
Most modern businesses could not survive without being able to accept electronic payments.