Security Blunders at Large U.S. Companies Could Easily Have Been Avoided: Security Expert
Recent privacy and security blunders committed by U.S. firms such as Bank of America and ChoicePoint were not only avoidable, but could have boosted the companies' stock price instead of harming their integrity and credibility.
Toronto, (PRWEB) March 9, 2005 -- Informatica (www.InformationSecurityCanada.com) president Claudiu Popa said: "We're not trying to say these firms are worse than others. Hundreds of companies are making the same mistake every day and I advise executives against it as often as I can. What's special in the case of these two firms is the critical issue of the weakest link. Whenever you don't have a watertight security strategy and a complete set of enforced policies, you will always come across an exploitable weak link. In many cases, that link will be exploited for months or even years, if it ever even gets detected."
Two common weak links for companies are:
- disparities between the security applied to the perimeter and the security applied internally, and
- the security applied to backup records.
"These two issues are the product of complacency and an inability to see the big picture of security," said Popa. "In most cases, these firms actually do regular penetration testing and network security audits, but it certainly won't help them detect and mitigate the risks and threats that recently toppled Bank of America and ChoicePoint. That comes with experience, and it's a high price to pay when you're the victim."
Claudiu Popa's company is Informatica Security, a Toronto-based consulting and training organization that provides complete information security products and services. "There are some simple things that these companies needed to do to avoid this public debacle," said Popa.
"Conducting process audits and application security assessments is one. This needs to be policy driven and will always result in finding the weak link, even as you cross over the boundary from the outside to the inside. You're no longer looking at the problem in terms of network security. It is a process, an application, a procedure that takes place at a higher level, and the bad guys were the first to find and exploit the loophole. That's what makes it so damaging and embarrassing."
"In the second case, matching corporate policies with data classification procedures will always eliminate the weakest link. Most companies handle the protection of sensitive information adequately while it's located on servers, but when it comes to protecting backup sets, they fall short. Backups are one of the biggest areas of risk for all companies today. Whether you are a microcompany or a multinational enterprise, at least part of your operations can be precisely duplicated by using stolen backup tapes. That threat is compounded by the fact that most companies place very little importance on the security of those backup tapes."
Claudiu Popa recommends that backup data be encrypted to make it useless to unauthorized parties, and that the process of transferring these tapes be secured and verified regularly. "Why should you trust a stranger who comes to transport your tapes to a remote location? Are your Service Level Agreements in place to protect you in case you lose all the data in your company? Have you audited your offsite backup service provider? Most companies have the wrong answer to these questions, and the longer they wait to improve the situation, the higher the risk of an undetected security breach that can translate into legal liability, breach of regulatory compliance, loss of business and public embarrassment."
Informatica Corporation (www.InformationSecurityCanada.com) provides advanced security consulting to companies that care about protecting information assets. The company offers detailed third-party and service provider audits, application security assessments, data encryption hardware for backups and software for secure communications.
Claudiu Popa is a certified information security expert and trusted advisor to businesses small and large. He publishes a monthly email newsletter, The PULSE, designed to inform, entertain and bring awareness to technical and non-technical audiences alike. Subscribe for FREE at www.InformationSecurityCanada.com
For more information:
Claudiu Popa, President
416-431-9012
Claudiu@InformaticaSecurity.com
CO: Informatica Corporation - Information Security/Risk Management
ST: Ontario
IN: HTS
# # #