eBay, Target security breaches could have been avoided with proper policy enforcement
Growing data breaches indicate failure to independently audit corporate security and privacy policies
TORONTO, May 22, 2014 /CNW/ - According to recent studies, the number of security investigations is increasing by more than 50% annually, while IT professionals report being pressured to finish projects before they are secure (Trustwave). A surprising 16% of businesses openly confess to not being concerned about data breaches yet basic best practices continue to be overlooked, leading to ever-larger losses.
The most basic way to assess security and privacy risk is to conduct independent administrative security assessments. Informatica's Verify Policy™ audit process rewards companies with a security seal and includes a professional report designed to build customer trust and recognition for the client.
Which policies matter the most?
"The the most critical policies have changed over the years" said company president Claudiu Popa, a security consultant and author. "Companies now need to design and enforce policies that specifically prevent the most common threats: phishing, social engineering and the proper configuration of systems."
For companies small, medium and large, there is no substitute for having a robust, standards-based information risk program, but the effectiveness of those security and privacy safeguards can only be determined by an independent audit.
Verify Policy™ is an audit process based on global standards that helps organizations gauge their own risk maturity. Business owners and managers use the annual assessment to review:
- Employee awareness of the company's security policies
- Enforcement of data collection procedures and privacy
- The documented security of their computers and mobile technologies
- Service-level agreements with third-party vendors
About Informatica Security
Established in 1989, Informatica is Canada's first security-assurance-as-a-service provider, focused on independent security and privacy auditing.
Informatica provides a complete range of standardized risk assessments including:
- Website stress-testing to prevent outages
- IT security & physical audits
- Privacy Impact Assessments
- Policies and procedures
- Workforce security awareness
- Compliance & Controls
Verify™ risk assessments are available to government agencies and companies of all sizes, across all industry sectors.
Reviews/pre-audit assessments for PIPEDA, PHIPA/HIPA/HIA, CASL, PCI-DSS 3.0, ISO 27000/31000, Bill198 conducted by certified security professionals and Risk Advisors.
SOURCE: Informatica Security Corporation
Claudiu Popa, CEO/Principal Risk Advisor, email: [email protected], www.SecurityAssessments.ca, 416-431-9012x.111, Twitter:@datarisk, Informatica Corporation, 1 Yonge St. Toronto, Canada
Share this article