CSO

A disturbing survey recently published in the ISSA Journal provides some eye opening statistics. On the one hand, the survey showed a majority of ISSA members believe their organizations are protected against data security breaches. Eighteen percent reported believing their organizations are "heavily protected", with another forty-three percent reporting they are just "protected." This is generally good news. Businesses are clearly taking the threat of security breaches more seriously and now believe they have the matter relatively well in-hand. Only a very small number of organizations responded with "didn't know" or were "not protected at all."

If you are in the financial services industry, you are likely to have already been the subject of an audit by one or more of your regulators seeking information about your vendor agreements. If you have only heard about these audits or have been lucky enough not to be one of the chosen, rest assured you will find yourself at the wrong end of one of these invasive, costly audit requests - a veritable colonoscopy of your contracting process.

Sensitive corporate e-mails making the rounds.

But there is one area where possession constitutes ten tenths of the law.

The latest rage in virtualization may also improve security.

Corporate America knows its executives are at risk, but what about lower-level employees?

California considers new law holding merchants liable for costs of data breaches.

Unencrypted data at rest tends to move - move into the hands of hackers and others who would misappropriate the data for their own use.

A new court decision impacts anyone who has a server in their business.

What can you do about the risks of having an outside expert access your systems, review your data, and potentially store your data at its offsite facilities for further analysis?