IT Security – Aegify
https://www.aegify.com
Comprehensive Security, Risk and Compliance Assurance Solution

Time to Make Data Breaches a Thing of the Past
https://www.aegify.com/time-to-make-data-breaches-a-thing-of-the-past/
Mon, 21 Mar 2011 02:52:50 +0000

The media is abuzz with news of data breaches, especially with websites like that of Health and Human Services (HHS) tracking them. As per the Office of Civil Rights, there were close to 9,109 data breaches by Sept 2010, averaging 25 data breaches per day! The HHS had earlier issued a set of regulations to healthcare providers about notifying individuals whenever a health information breach occurs.

Breach reporting has become an intrinsic and important element of the HITECH Compliance regulations. All data breaches affecting more than 500 individuals must be reported to the HHS within 60 days, while data breaches affecting fewer than 500 can be submitted annually. Although these smaller breaches are not published by the HHS, they are compiled and sent to congressional committees as per the HITECH stipulations. With data breaches resulting not just in penalties but also in the erosion of the reputation and image of health care providers, it is time that health care providers take efficient compliance measures to comply with HIPAA and HITECH regulations.

The idea is to work smartly and gain complete visibility with an effective and economical security solution for safeguarding patients’ health information. Most small health care practitioners worry about the investment involved in installing compliance solutions, but eGestalt’s SecureGRC SB is an ideal solution, especially for small medical practices. A one-stop solution, it allows health care providers to comply with the HIPAA/HITECH regulations.

A web-based solution, SecureGRC SB offers a unique approach to tackling security and data breach issues. Owing to its ability to deliver services on the cloud, it can capture information and keep you constantly updated on any changes in regulatory policies. SecureGRC SB is an economical, easy-to-use, web-based solution that can help small medical practitioners be HIPAA compliant. It is high time that small healthcare practices opt for a suitable healthcare compliance solution to tackle data breaches intelligently and make data breaches a thing of the past.

Drawing-Out A Strikingly Compliant Role
https://www.aegify.com/drawing-out-a-strikingly-compliant-role/
Wed, 09 Mar 2011 06:33:04 +0000

While Cignet is recovering from the shock of the $4.3 million fine slapped on it for HIPAA violation, barely two days later, the General Hospital Corporation and Massachusetts General Physicians Organization Inc., better known as Mass General, gets hit with a $1 million penalty for blatant exposure of patients’ records on a subway train!

Reports of renowned organizations being subjected to steep penalties for HIPAA violations are becoming regular. These reports have already started creating negative impressions of healthcare organizations, and giving patients an opinionated view. The increase in the penalty amount from $25,000 to $1.5 million as per the HITECH Act proves the significance of enforcing stringent measures for patients’ data protection. Yet organizations fail to convey the message effectively to their employees, inviting trouble and criticism.

It is time healthcare organizations and providers made impactful decisions to fulfill their responsibilities. If the well-known organizations are capable of such negligence, willful or otherwise, jeopardizing the lives of their patients, then there is very little hope that small medical practices would not falter on this account. In any case it is the lives of the patients that are at stake.

Healthcare organizations need a proactive compliance strategy that can provide compelling solutions to all security related risks. SecureGRC SB is a wise and affordable option that can help organizations deal with all their existing compliance drawbacks. The solutions are cloud-based with real-time information and updates that help keep organizations on their toes.

With SecureGRC SB, the processes are automated, simplified and easily manageable. There is zero confusion and no complications involved in the execution of the process thus helping drive compliance smoothly and efficiently. With its commendable tracking and monitoring system it can effectively curb all propensities to overlook any regulations.

This solution is best suited for small medical practices as it keeps them in sync with HIPAA and HITECH regulations. It also ensures that the regulations relevant to business associates are up to date and concurrent with HITECH Compliance standards. It is only when organizations demonstrate a responsible healthcare compliance attitude towards their patients that they can expect a positive trend for mending and uplifting their battered reputation. With SecureGRC SB we can expect that trend soon, thus providing organizations relief from penalties and assuring patients sanctity of personal information.

Safe and Secure Compliance Practices For Small Business
https://www.aegify.com/safe-and-secure-compliance-practices-for-small-business/
Mon, 21 Feb 2011 12:07:01 +0000

It is a strangely paradoxical situation that despite revised and stricter compliance regulations the number of security breaches seems to rise. The HIPAA mandate was enforced to tone down risks threatening patients’ personal records. But there has hardly been any positive report of effective progress towards a threat free environment.

As per a recent study conducted by Redspin, the leading service provider of HIPAA risk analysis and IT security compliance, 6 million people were affected by security breaches between August 2009 and December 2010. The number accounts for only those security breaches reported to the Department of Health and Human Services, which means that the actual number may have exceeded 6 million.

It is an alarming fact that despite efforts to tighten security measures, medical organizations, especially small practices, are constantly a soft target for various kinds of illegitimate activities. And this is not just because of hackers who use sophisticated technology to disarm the security system, but also due to the loss and theft of mobile devices, which have become a regular occurrence.

The freedom to use USBs, cell phones, laptops etc to keep pace with the competitive world has made the employees and organizations overlook the discreet use of such confidential data and its dire consequences. Business Associates have been identified as another vulnerable link resulting in security breaches.

The small medical practices are consistently faltering in being compliant with the HIPAA/HITECH regulations as they are incapable of stretching their budgets to employ new infrastructure and deploy solutions to curb all malpractices.

SecureGRC SB is a one-stop solution for all security and risk assessment needs without any additional costs for a new infrastructure. This service is provided on the cloud which therefore fulfills all HIPAA / HITECH compliance requirements pertaining to small business. Small businesses are provided with complete control to gauge the requirements for HIPAA and HITECH through a simple self assessment menu.

The SecureGRC SB contains a central repository for all documentation purposes pertaining to HIPAA. It sends reminders to ensure compliance regulations are maintained. It follows an automatic updating schedule as per the latest and revised regulations. It provides reports regarding the compliance status for auditing. The solution ensures maintenance of a track record of the business associates and provides plug-ins in case of any PCI-DSS compliance requirement.

Small businesses can neither afford expensive solutions nor penalties for non-compliance. They need to adopt an astute approach towards IT healthcare compliance to achieve high scores. SecureGRC SB is the perfect solution – an affordable, precise and simplified option with guaranteed results.

EHR Incentives: A Catalyst for IT Security
https://www.aegify.com/ehr-incentives-a-catalyst-for-it-security/
Mon, 31 Jan 2011 14:10:06 +0000

In 2005, when HIPAA compliance came into effect, healthcare organizations were required to mitigate risks by conducting periodic risk assessments. But until recently a significant number of healthcare entities did not put this into practice. According to a recent survey, 14 percent of hospitals and 33 percent of clinics were yet to conduct their first risk assessment. However, the EHR program funded by the federal economic stimulus package has been a catalyst for information protection.

The billions of dollars worth of incentives set aside for hospitals and physicians for implementing secure Electronic Medical Recordkeeping (EMR) have spurred security initiatives in the healthcare industry. Many healthcare entities are now ramping up their security measures in governance risk assessment, encryption and email security, data loss prevention, and providing formal security training to employees.

To qualify for these incentives however, healthcare organizations must use an EMR system that has been certified to include specific functions comprising a strong set of security features. Hence, issues including threat mitigation, risk analysis, and compliance with HIPAA and HITECH Acts have now come to the forefront. However, a significant challenge stems from the fact that most medical practitioners are unfamiliar with encryption and user authentication technology, and the idea of conducting a risk assessment is foreign to them.

Sole practitioners and small HIPAA healthcare entities especially face issues in achieving and maintaining compliance with HIPAA and HITECH Acts. With HITECH redefining the responsibilities of Business Associates, creating stricter notification standards, tightening enforcement, and raising penalties for non-compliance, small healthcare entities are in need of a solution that can manage these elements efficiently and in a cost-effective manner.

Moreover, with the HITECH Act promoting and offering incentives for the adoption of secure EMR, small medical practitioners face a growing dilemma since adopting an EMR system not only means government incentives, but also greater security risks and bigger penalties for non-compliance. This is where eGestalt’s SecureGRC SB comes in handy.

SecureGRC SB: Simplified HIPAA/HITECH Compliance Solution for Small Medical Practices

A unified security monitoring and compliance management solution delivered on the cloud, SecureGRC SB is the first of its kind. It offers an inexpensive, easy-to-use, automated system of compliance, specially designed for small medical practices, and their Business Associates to identify, remediate and maintain their HIPAA and HITECH compliance.

With built-in HIPAA/HITECH support, SecureGRC SB efficiently addresses all HIPAA/HITECH requirements, and also helps manage Business Associates with a simple wizard-driven automation tool. SecureGRC SB can be easily extended and automatically kept up-to-date with latest versions and revisions of these Acts.

Vulnerability Management: Secured IT, Assured Success
https://www.aegify.com/vulnerability-management-secured-it-assured-success/
Tue, 21 Dec 2010 18:46:23 +0000

According to GartnerG2 (now Gartner Industry Advisory Services), a research unit of Gartner, 90% of cyber attacks leverage known security flaws and vulnerabilities for which patches are already available. Gartner analysts also believe that several security attacks could have been avoided if organizations had focused more on vulnerability management efforts.

Effective vulnerability management is therefore a prerequisite for every business. But unfriendly economic conditions have compelled organizations to maintain a safe business environment while also keeping costs low. This poses a major challenge since organizations today are spread across multiple geographic locations and time zones. In such a scenario vulnerability management can be a formidable task.

But with cloud-based security solutions offered by advanced GRC software, IT security compliance has assumed a new dimension. These solutions help streamline and automate vulnerability management processes and help patch security flaws.

Here are some other significant benefits of using a comprehensive security and vulnerability management solution:

Offers Complete Visibility- Vulnerability management solutions help in understanding the security posture of an organization, through comprehensive vulnerability assessment. This in turn helps in formulating security policies for IT Compliance with regulatory standards.

Ensures Compliance- Compliance audits are carried out at regular intervals to assess the actual degree of compliance in the organization. This helps in effective compliance management by enforcing compliance best practices and ensuring fully compliant processes and procedures.

Facilitates Risk Management- By proactively detecting vulnerable areas within the network, and identifying exposure to potential threats, these software solutions help in effective risk management.

Offers Holistic View & Prompt Reporting- Vulnerability management solutions help gain complete control over risks and vulnerabilities by offering total visibility through a centralized view. Their advanced reporting capabilities enable organizations to take prompt corrective and preventive action before security gaps are exploited.

Improves Productivity & Lowers Cost- Since these security solutions are completely automated, they allow IT departments to focus on more critical tasks, thereby enhancing productivity. They also help reduce administrative costs and management overhead, as a single efficient software solution can effectively replace multiple disparate applications.

Managing a diverse network environment can be quite overwhelming. But a proactive, integrated, vulnerability assessment and management solution can dramatically simplify this by offering a complete GRC framework that can patch vulnerabilities, mitigate risks, and improve productivity.

7 Facilities in California Fined for Privacy Breaches
https://www.aegify.com/7-facilities-in-california-fined-for-privacy-breaches/
Wed, 08 Dec 2010 03:49:27 +0000

Privacy protection is a growing concern for organizations despite stringent laws governing data security. Medical institutions especially are experiencing challenges in safeguarding patient information. A number of data breaches have been reported in the HIPAA healthcare industry so far. And the most recent addition to this is six hospitals and a nursing home being fined by the California Department of Public Health, for failing to prevent unauthorized access to patient data. The total fine amount adds up to $792,500.

Kern Medical Center in Bakersfield faced the largest civil penalty of $250,000 for losing 596 patient records, and an additional fine of $60,000 for allowing two employees to access and disclose a patient’s medical record on three occasions.

In a similar breach, Pacific Hospital in Long Beach was fined $225,000 after an employee admitted to memorizing personal information of nine patients, and setting up fake Verizon accounts using their information.

The state of California has the toughest privacy laws in the country with high penalties for data breaches. And Kaiser Permanente’s Bellflower Hospital was the first to be issued penalty under the state law enacted in 2008 for patient protection. The institution was fined $437,500 for failing to prevent unauthorized access to medical records of Nadya Suleman.

In all these incidents employees have been identified as the main cause for the breach. However, these institutions are also equally responsible for not being proactive in identifying and curbing insider threats. These incidents re-emphasize the need for an efficient security solution with effective threat management capabilities that can not only prevent such breaches in future, but also ensure a more secure data management process.

A Wake-Up Call for IT Security: Are Your Compliance Practices Fit for the Test?
https://www.aegify.com/a-wake-up-call-for-it-security-are-your-compliance-practices-fit-for-the-test/
Mon, 22 Nov 2010 11:30:51 +0000

The present IT environment is complex in nature, and involves much more than a handful of technical people operating and controlling systems with a few virus prevention tools. The complexity has increased manifold with a growing number of security threats being identified every day. The security of confidential data is under question with potential risks from malicious attacks that could affect the very survival of a business. As per a report from IBM, security issues have increased by 36% this year.

Timely Recognition of Long-Term Risks

Security cannot merely be defined in terms of Trojans, viruses or spam eagerly waiting to enter and incapacitate the central IT nervous system of an organization. Even the careless attitude of employees can cause security breaches within the network, and intentional attempts like hacking or willful destruction of critical data also cannot be ignored. In order to deal with this growing concern, you require automated IT Compliance software that can provide you with robust, end-to-end integration solutions.

Many organizations fail to enforce a compelling security environment that is in alignment with the business goals. The alarming rate at which these security threats are increasing is an indication that you need result-oriented techniques to help overcome this problem. The answer lies in an automated and integrated solution that can handle all IT risk management issues, and carry out overall effective corporate governance.

Intensifying the IT Environment with Cognitive Security Parameters

A cloud-based model capable of providing unified governance risk and compliance management solutions can help crack down potential threats, and can provide a remarkably safe IT environment. The solution contains a centralized repository for all compliance-based organizational data, and it considerably reduces the total cost of ownership due to its SaaS-based model.

It helps monitor and enforce the best regulatory standards and practices without delay. Due to its integrating feature, the time required for compliance is minimal, and the process is simple. Such an integrated compliance solution addresses all vulnerability management needs by performing comprehensive scanning procedures, scheduling audits and providing exhaustive audit log trails for all compliance-related tasks, so that compliance gaps can be bridged promptly with corrective measures. It also provides a complete report of compliance statistics, which in turn helps identify your compliance status.

The aim of a capable IT security solution is to provide a set of comprehensive features, with solutions for effective threat management. Its main objective is to resolve issues concerning data leakage, insider threats, intrusion detection, and verification of controls. Therefore, with an integrated, comprehensive security solution, enterprises can ensure a healthier and safer IT environment.

Is Your File Data at Risk?
https://www.aegify.com/is-your-file-data-at-risk/
Mon, 11 Oct 2010 12:11:46 +0000

According to market analyst firm IDC, file data accounts for nearly 80% of business data and has been growing at a rate of 60% every year. With such overwhelming growth in the volume of sensitive data files, persistent insider threats and complex regulatory mandates for data protection, there is immense pressure on organizations to secure confidential data. Also, conventional file security approaches have failed in providing complete protection, as these methods have several limitations.

More often than not, organizations are unable to handle data security challenges because they are mostly unaware of the status of their file data security. And hence, assessing the file security posture of your organization is crucial in overcoming data security issues. Here are some questions that can help you assess the data security posture in your company:

  1. Who controls/owns file data? The critical nature of data and its relevance to the business is often best understood by data owners. Hence they are responsible for protecting file data. But if your organization is unable to specifically identify data owners, then it is an indication that your file data might be at risk. On the other hand, if you have a clear idea of who your data owners are, it is easier to ensure that they work with other groups responsible for compliance and data security.
  2. Who is accessing your data? To efficiently keep track of who is using the data and for what purpose, auditing is a prerequisite. An audit log can establish who the data owner is, who has access to file data, when or how frequently they access sensitive data, etc. Audit logs also help identify security lapses and the reasons for these lapses. Hence, if your organization does not have a continuous auditing trail, your file data is at high risk.
  3. Who has file access rights? Many security regulations require organizations to have clear visibility of file access rights. While this is a best practice to ensure data security, it is also essential to demonstrate compliance and reconsider or remediate excessive access. Your organization should therefore be able to monitor and report data access rights on an ongoing basis in order to prevent security breaches.
  4. Do you know when there is a policy violation? Several organizations give excessive access rights, but do not review these rights periodically. If your organization is one of them, then your data is at risk. Access rights review cycles are very important as they help identify policy violations. By thoroughly analyzing access rights and file access activity, you can easily determine whether a violation has taken place. If this process is automated, problems can be detected and addressed as soon as the violation occurs.

While IT compliance mandates and data security concerns can be very challenging, you can effectively overcome these challenges by addressing the above questions. It is also a good idea to opt for integrated solutions for file activity monitoring, rights access, user rights management and compliance management. Such a solution can not only help address the above questions but also provide a comprehensive system of IT security and governance.

Common Attack Techniques – In an Era of Industrialized Hacking
https://www.aegify.com/common-attack-techniques-in-an-era-of-industrialized-hacking/
Thu, 30 Sep 2010 08:55:10 +0000

Gone are the days when hackers attacked perimeter defences. Today their objective is to take control of confidential data and the applications which process it. Hacking is now an operation involving global coordination, sophisticated techniques and persistent teamwork. And with clear roles and responsibilities being defined in the community, hacking is now a highly organized, lucrative industry, whether we like it or not!

As in any other industry, division of labor and specialization have taken shape, making the hacking industry more structured than ever before. The 3 key players in the hacking community are:

-Researchers: Otherwise known as exploit developers, researchers are not actually involved in exploiting systems, but look for vulnerabilities in frameworks and applications.

-Farmers: These are people who write botnet software to infect systems, and also maintain and increase the presence of botnets in the cyberspace. They probe applications to extract valuable data, execute password attacks, disseminate spam, and distribute malware.

-Dealers: They distribute malicious payloads. They also rent botnets for repeated, persistent attacks or targeted one-time attacks to extract sensitive information.

The sophisticated nature of today’s cyber attacks is a definite product of ‘hacking industrialization’. And the use of advanced hacking techniques has also contributed to a focus shift from stealing personal information and credit card numbers to stealing application credentials, for which 3 attack techniques have been identified as commonly used:

SQL Injections: Data theft is most commonly administered through this technique. IBM reported around 250,000 SQL injection attacks on websites around the world, every day, between January and June 2009.

Denial of Service: In this attack, application owners are usually blackmailed into paying a ransom to free their application from a flood of unwanted traffic.

Business Logic Attacks: In this type of attack, hackers target vulnerabilities in business logic. Unlike attacks targeted at application code, these attacks often remain undetected. They are not usually apparent and are too diverse to be expressed in vulnerability scanner tests.

These highly advanced security attacks make it increasingly difficult for organizations to fight threats and remain protected. Today, no web application is out of reach of hackers. Attack campaigns are quite common, not only against applications but against any available target. Therefore data protection is a must, and effective vulnerability scanning tools along with application-level security solutions may be very helpful in effective threat management and overall security.

Implications of the ‘Dodd-Frank Wall Street Reform & Consumer Protection Act’, on Data Security
https://www.aegify.com/implications-of-the-dodd-frank-wall-street-reform-consumer-protection-act-on-data-security/
Thu, 16 Sep 2010 14:41:58 +0000

While the financial services regulatory reform bill signed into law by President Obama last week will take some time to be put into practice, several industry experts have noted that this extensive legislation holds immense significance for information/data security.

Creation of a new consumer protection agency at the Federal Reserve, provision of new powers to regulators for safely liquidating failed financial firms, and imposing new guidelines for transparency in the derivatives market, are some of the objectives of ‘The Dodd-Frank Wall Street Reform and Consumer Protection Act’. This law is an outcome of the 2008 banking crisis.

However, there are now mixed opinions about this law, especially with respect to its implications for data/information security. Protiviti Inc.’s risk and compliance practice director Michael Brauneis noted that the provision in the law for creating a consumer protection agency may lead to a number of data security issues, since it calls for regulations to allow consumers to obtain information about their transactions from financial institutions. This creates a high risk of identity theft if these financial institutions do not ensure effective controls to check the identity of the person requesting information.

Also, the concept of a ‘systemic risk regulator’ meant to gather information from the banking industry to prevent another meltdown can pose serious concerns for overall data management and security. And a report by Deloitte LLP on the new financial reform also cites data aggregation and reporting as one of the top implications of the new law.

Therefore, for all those involved in financial services, this regulatory reform is a groundbreaking event and is being described as the biggest since the Great Depression.

With the ever-increasing number of regulatory requirements, IT security has come a long way from being merely an IT-centric control mechanism, to becoming a complete compliance control technique. While the timeline for this law to take effect is long, this is yet another regulation that reinforces the need for secure GRC solutions.
