Ian Schenkel

Current levels of identity theft are inexcusable

Any IT chief worth their salt knows how to combat data theft, so why is it still so common, asks Ian Schenkel

Computing, 30 Oct 2008

With all the noise about the PCI DSS payment card security standard and the importance of protecting data, you might think the situation is under control or at least being addressed seriously.

But potentially hundreds of thousands of records containing personally identifiable information (PII) are still at risk, stored unencrypted and unprotected in databases not subject to PCI DSS compliance. HR databases are a perfect example.

It is ridiculous that PII is being exposed time after time. We know how to solve this problem: education combined with good data protection policies and processes.

One of the positive steps a company can take is to institute security awareness training. Ensure that everyone understands how to identify confidential information, the importance of protecting data, how to choose and use passwords, acceptable use of system resources, email, and the firm’s security policies and procedures. Enforce policies with role-based access and auditing.

Security policies should evolve with the times. Consider instituting a weekly meeting with senior managers to talk about data security and regulatory concerns. Look at the data security tools firms use, what threats are out there, and consider what policies the company may need to enact to deal with these issues. Risk analysis should be performed to determine which assets need the most stringent security. And employees’ PII data should be included in security policies.

Data security regulations tend to deal with specific issues rather than addressing the entire network and applications. A system can pass a regulatory audit and still harbour security problems. Work towards comprehensive security rather than simple compliance with regulations.

Data storage guidelines are vague at best and often overlooked or ignored. Data security regulations need to be tightened and strictly enforced if we have any hope of stamping out identity theft.

Ian Schenkel is a BCS contributor, and vice president at Protegrity.

Tags: Management, Security, Threats-and-risks
