Ten Ways to Boost Data Security

By Britt, Phillip | Information Today, November 2006

Today, most companies are focusing on data security issues and finding ways to ensure that sensitive information doesn't fall into the wrong hands. According to Paul Giardina, senior vice president for marketing at Protegrity Corp. in Stamford, Conn., there are 10 safeguards that can help companies protect themselves from falling victim to data breaches.

Giardina, who discussed security issues at the 2006 Teradata PARTNERS User Group Conference & Expo, held Sept. 17-21 in Orlando, Fla., said that companies should pursue "defense in depth" and add different layers of security as the risk and value of the protected data increase.

Security threats can be addressed in specific ways to help mitigate the risks. However, the following 10 solutions are "just the start of data security processes," according to Giardina. "There is no silver bullet."

1. Comply with multiple, overlapping regulations.

In the past few years, the U.S. has introduced new regulations including the Sarbanes-Oxley Act, the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act (HIPAA), various state breach disclosure laws, and laws in other countries governing some international firms. The Payment Card Industry rules (the newest version of which came out in September) encompass portions of all these laws, some of which overlap.

But rules don't overlap in many areas. So, Giardina recommended that companies map out a grid showing the different rules and how different IT projects might affect them. With the grid, the company can outline which technology projects will do the most good and bring them into compliance with the most laws, and then prioritize them that way.

According to Giardina, adhering to regulatory compliance should be the minimum level of security for a company. Security technology projects also exist that make sense from a corporate standpoint, but they aren't needed for security reasons.

2. Payment Card Industry (PCI) compliance is a problem for more than 85 percent of merchants.

Visa and MasterCard have required compliance for more than 18 months so merchants could protect themselves from being subject to fines resulting from a data breach. But less than 15 percent had met PCI standards as of January 2006. Even if the percentage had doubled in the past 9 months, the majority is still short of the standard, which includes 12 different steps (http://www.pcisecuritystandards.org/pdfs/pci_dss_v1-1.pdf).

Giardina recommended prioritizing projects first by which security holes present the highest risk to the company (e.g., adding firewalls for personal computers), and then by ease of implementation.

3. Find ways to implement reasonable data security measures.

Implementing data security presents several challenges, Giardina said: Laws and regulations use the test of reasonableness of data security to determine the liability of the organization. "What's reasonable, like beauty, is in the eye of the beholder," he said.

Generally accepted guidelines might become default reasonableness standards, Giardina said. So companies are advised to maintain records of implemented security controls, policies, and enforcement of behavior that are reasonable. If a security breach should occur, it will not leave them liable for negligence.

And what is reasonable? The ability to cite best practices and industry benchmarks of technology deployments to demonstrate that your enterprise security program is reasonable, Giardina said.

4. Reduce high-risk behavior.

Companies are advised to reduce high-risk behavior, which continues despite company policies against it and security software designed to prevent it, according to Giardina. High-risk behaviors include transferring confidential data via e-mail or messaging applications, connecting unapproved devices (e.g., PDAs, personal laptops) to the network, accessing unauthorized data or unencrypted data on desktop or laptop computers, and copying confidential data using USBs or removable media. …
