Weekly Industry Round-up, Week of 4/26
Posted by hyperguard on April 30, 2010
eWEEK and Dark Reading discussed two reports issued by the Ponemon Institute this week. The first, commissioned by Imperva and WhiteHat Security, found that 70 percent of the respondents felt their organizations do not allocate sufficient resources to secure critical Web applications. The results show that 73 percent said senior executives were not strongly supporting Web app security efforts. To resolve this issue, communication between security operations and app development teams will need to improve.
The second, sponsored by security vendor PGP, found that a data breach in the United States could cost enterprises twice as much as in other countries because of stringent regulations. In the U.S., where 46 states have introduced laws forcing organizations to publicly disclose the details of breach incidents, the cost per lost record was 43 percent higher than the global average. In Germany, where equivalent laws were recently passed, costs were second highest. In Australia, France, and the U.K., where data breach notification laws have not yet been introduced, costs were all below the average.
Engaging Your Staff in Data Protection
While breaches cannot be eliminated, staff engagement in a data protection program can help reduce risk. For data protected by state or federal laws, such as Social Security numbers (SSN), personal credit card numbers (CCN), or protected health information (PHI), there are typically legal notification requirements, and potentially fines. If you are dealing with credit cards, you also have to conform to PCI-DSS; otherwise your merchant status is at risk. To help engage staff in data protection, employees should know the processes and understand data classifications. Companies should also think about what messages to send that will encourage staff to take ownership of protecting the information.
Serious XSS flaw haunts Microsoft SharePoint