Security Policies Should be Part of Normal Business Practices According to Federal Judge
Successful CIOs have an ever-expanding scope of responsibilities. They create a bias toward learning that adapts well to changing business demands, align the organization to the business' strategic goals, and have a cadre of strong IT professionals who understand that change is the norm. CIO responsibilities now include:
- Strategy and Planning
- Risk Management
- Business Processes
- Strategic IT Initiatives
- Enterprise Infrastructure and Applications
A federal judge has rejected a proposed settlement by TD Ameritrade Inc. in a data breach lawsuit. That marks the second time in recent months that a court has weighed in on what it considers basic security standards for protecting data. The case stems from a 2007 breach that exposed more than 6 million customer records.
The federal judge did not find the proposed settlement to be "fair, reasonable, or adequate." Rather than benefiting those directly affected by the breach, Ameritrade's proposed settlement was designed largely to benefit the company. The judge described the additional security measures that Ameritrade proposed in the settlement as "routine practices" that any reputable company should be taking anyway and that should be defined in its normal security policies and procedures.
In September 2007, Ameritrade said that the names, addresses, phone numbers, and trading information of potentially all of its more than 6 million retail and institutional customers at that time had been compromised by an intrusion into one of its databases. The stolen information was later used to spam those customers.
As part of an effort to settle claims arising from that incident, Ameritrade this May said it would retain an independent security expert to conduct penetration tests of its networks to look for vulnerabilities.
The company also offered to retain the services of an analytics firm to find out whether any of the data that had been compromised in the breach had been used for identity theft purposes. The company also said it would give affected customers a one-year subscription for antivirus and anti-spam software.
Data Breaches Continue to be CIO Concern
The FBI received a record number of complaints in 2008, and the associated direct cost of the frauds carried out with stolen data was $265 million versus $235 million in 2007. Adding to this is the challenge of securing personal information and intellectual property data. Companies are granting access to more systems and information: bank customers access account balances; workers maintain their own 401k and investment accounts; web shoppers place orders and make purchases with a single click; and business partners work on projects in a collaborative manner online.
To reduce the risk of a data breach or theft, organizations must adopt new tactics. In addition, companies must address e-mail and Web security along with employing a functional data loss and prevention strategy. The application of multiple security techniques is required to reduce risk. For example, there must be a way to control spam and block the downloading of malicious software from poisoned Web sites. In today's open Web 2.0 and social networking environments, companies need a way to defend against attacks and protect secret or sensitive data. At the same time, they must maintain a flexible and responsive infrastructure to support today's business working habits.
The Janco Security Manual Template has helped over 2,000 enterprises world-wide to meet these requirements.