Security and risk management


The security and risk management topics page provides IT management with up-to-date information and resources on IT asset management, data security and privacy, IT security management, disaster recovery and risk management.
Sub-Topics
Compliance doesn't begin and end with the Sarbanes-Oxley Act (SOX). Companies must also keep up with the various security standards, the Health Insurance Portability and Accountability Act (HIPAA) and numerous other regulations and guidelines. It's a tall order, but it's one companies must face in order to protect their customers and stay in line with standards set by the IT industry as well as the government.
Managers and CIOs face regular data security and privacy issues as they are expected to effectively use technology to share data while still following specific rules and regulations to protect personal information.
The Health Insurance Portability and Accountability Act (HIPAA) protects health insurance coverage for workers and their families when they change or lose their jobs.
Information security describes activities that relate to the protection of information and information infrastructure assets against the risks of loss, misuse, disclosure or damage. Information security management comprises the controls that an organization needs to implement to ensure that it is sensibly managing these risks.
IT asset management is the set of business practices that join financial, contractual and inventory functions to support life cycle management and strategic decision making for the IT environment. Assets include all elements of software and hardware that are found in the business environment.
IT auditing is the process of collecting and evaluating evidence of an organization’s information systems, practices, and operations. The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively and efficiently to achieve the organization's goals or objectives.
Information technology law is a set of recent legal enactments, currently in existence in several countries, which governs the processing and dissemination of information digitally. These legal enactments cover a broad gamut of different aspects relating to computer software, protection of computer software, access and control of digital information, privacy, security, internet access and usage, and electronic commerce.
The Sarbanes-Oxley (SOX) Act was signed into US federal law on 30 July 2002. The Act is designed to oversee the financial reporting landscape for finance professionals. Its purpose is to review legislative audit requirements and to protect investors by improving the accuracy and reliability of corporate disclosures. The Act covers issues such as establishing a public company accounting oversight board, auditor independence, corporate responsibility and enhanced financial disclosure.


Highlights
At least 75% of Asia Pacific organizations have experienced cyber attacks in the past year, costing them as much as US$763,000 annually, as companies grapple with gross understaffing, strict compliance, and exponentially rising cyber threats in their respective firms.
Smart grids are touted to be the next-generation technology that will curb the rising levels of carbon emissions produced by the incessant, inefficient and unhampered use of electricity. But is the technology that foolproof when it comes to IP security?
During the opening keynote address at RSA Conference 2010, Art Coviello, President of RSA, The Security Division of EMC, urged his colleagues in the security industry to embrace the challenges and opportunities presented by increasingly virtual infrastructures and adopt a more expansive security vision by focusing on the IT transformations associated with cloud computing.
The UK Government’s Technology Strategy Board has selected Citicus to develop a capability for managing risks to key industrial control systems that support the critical national infrastructure. Citicus will collaborate with RWE npower and other key industry partners to deliver a major advance in the protection and security of critical information infrastructures that underpin the continuous supply of essential utilities and commodities.
The Imprivata OneSign Secure Walk-Away, designed to protect unattended hospital workstations from unauthorized access, has recently been rolled out. The innovative new product leverages intelligent computer vision technology with active presence detection and user tracking to identify an authenticated user in front of a workstation, automatically locking the desktop upon their departure and providing instant re-authentication upon their return.
Digital signage is the new thing for advertising, but how vulnerable is it to attacks by outside forces?
Microsoft told Windows XP users today not to press the F1 key when prompted by a Web site, as part of its reaction to an unpatched vulnerability that hackers could exploit to hijack PCs running Internet Explorer (IE).
Almost 20 years since the commercialization of the Internet, no business or individual could possibly function without it. But the World Wide Web is not without its flaws. The online threat environment has intensified in the last few years due to an increasing pool of sophisticated fraudsters and the availability of new technologies that have facilitated such criminal activities. In this article, Geoff Haydon, Vice President, Asia Pacific, RSA, identifies the Top 8 forms of online attacks to watch out for in 2010.

       
       
     

