Archive for the ‘Compliance’ Category

March 8, 2011 @ 6:04 am
posted by Sean Rehder

Dennis Brixius
VP Risk Mgt & CSO at McGraw-Hill Greater
New York City Area

Data breaches make news quite often. When credit cardholder data or identities are compromised, enterprises face bad publicity, lasting damage to their reputations, lost business and possible fines. The global average cost of a single data-loss incident was greater than $3 million in 2009, according to a report from the Ponemon Institute.

That’s why the major credit card vendors developed the PCI DSS (Payment Card Industry Data Security Standards).  Enterprises that take credit card payments—whether online, over the phone, or using credit card machines or paper forms—need to comply with these standards, even if using an outside service provider.


Darrel Lowery
Vice President, Federal Programs at Enterra Solutions
Washington D.C. Metro Area

Sharing information can be your greatest asset or your greatest risk. It is essential to your everyday business and probably not viewed as a formal business function such as Quality Assurance (which should not diminish its importance). Information Sharing Governance is often decentralized and controlled by the individual business departments that perform a task or manage a process where information is shared with business partners, customers and/or regulatory agencies. Some companies do implement general security policies that are centrally administered from a security or IT department and follow an industry standard (e.g., ISO 27001) or comply with federal standards (e.g., Federal Information Security Management Act (FISMA)) that address accessing data and information sharing.
