Data Security: What's It all About?
A statement of the obvious: data security is critical. Your customers depend on their computers and the data they
process. The loss of critical computing resources can mean disruption of sales, lost customers and, in extreme
circumstances, business failure.
Your customers depend on your applications to protect their sensitive, sometimes personal, data. In our modern,
high-tech world, it is critical to your success that you make prudent decisions concerning the security of your
customers' critical information.
In this portal, you'll find the best information available to help decision makers like you begin the process of
constructing a secure, reliable IT infrastructure, and help you down the path to success.
The Risks to Data Security
There are many diverse threats to data which the manager of a typical mid-size business must overcome. For their information systems, five key threats should be top of mind:

1. User error – A simple mistake by an employee can lead to the loss of large amounts of critical company data. From the deletion of a critical file to the accidental deletion of database records, your customers could face large expenses and significant downtime recovering from a disaster created by a simple mistake.

2. Employee theft – Employees need access to sensitive data in order to perform their jobs. Your customers have to limit the information to which each employee has access (least privilege), ensure that terminated employees no longer have access to sensitive data, and be able to track who is touching what, when and how.

3. Privacy violation – How do your customers protect the personal information that their own customers entrust to them? A security breach can put personal data in the hands of the wrong people. To maintain your customers' trust, you must ensure that their data is safe. In addition, many governments now legislate privacy, which can mean fines or imprisonment if sensitive customer data is not secured.

4. Disaster – What natural disasters or accidents might affect the business? The trade press regularly reports on organizations that have suffered catastrophic losses. If your or your customers' organizations are hit by fire, flood or another disaster, how will the data be protected?

5. External attack – While less common for small businesses than for the Fortune 1000, preparedness against external attack is crucial. Attacks take many forms, from viruses to intrusion by hackers. Proper security measures must be taken to prevent disruption by these adversaries.
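The second threat above asks for three concrete controls: limit each employee's access, cut off access when someone leaves, and be able to say who touched what and when. The following script is an added example, not code from the original page or from Pervasive, showing how those three controls can be checked mechanically by reconciling an HR roster against the application's account list and its access audit log. The CSV and log layouts, the field names and every record are constructed for this example; a real deployment would read its own exports.

```python
"""Added example, not code from the original page or from Pervasive:
reconcile an HR roster against application accounts and an access audit
log, so that (a) accounts of departed employees that were never disabled
are found, (b) enabled logins HR does not know about are flagged, and
(c) anything a departed user touched after the leaving date is listed.
The CSV and log layouts, field names and all records below are
constructed for this example; a real system would export its own formats.
"""
import csv
import io
from dataclasses import dataclass
from datetime import date, datetime

# Constructed HR roster: the 'terminated' column is empty for current staff.
HR_ROSTER_CSV = """username,department,terminated
alice,finance,
bob,sales,2004-03-15
carol,engineering,
dave,finance,2004-02-01
"""

# Constructed list of application logins and whether each is still enabled.
ACCOUNTS_CSV = """username,enabled,role
alice,true,ledger_rw
bob,true,crm_ro
carol,true,code_rw
dave,false,ledger_rw
"""

# Constructed access audit log: "<ISO timestamp> <user> <action> <object>".
AUDIT_LOG = """2004-03-14T09:12:05 bob read crm/accounts/acme
2004-03-16T22:41:10 bob export crm/accounts/all
2004-03-17T08:05:33 alice update ledger/2004/q1
2004-02-03T11:00:00 dave read ledger/2004/q1
2004-03-18T13:30:00 carol commit repo/app
"""


@dataclass(frozen=True)
class Finding:
    username: str
    kind: str    # orphaned_account | unknown_account | post_termination_access
    detail: str


def load_roster(text: str) -> dict:
    """Map username -> termination date (None for current employees)."""
    roster = {}
    for row in csv.DictReader(io.StringIO(text)):
        left = row["terminated"].strip()
        roster[row["username"]] = date.fromisoformat(left) if left else None
    return roster


def load_accounts(text: str) -> dict:
    """Map username -> True if the login is still enabled."""
    return {row["username"]: row["enabled"].strip().lower() == "true"
            for row in csv.DictReader(io.StringIO(text))}


def parse_audit(text: str) -> list:
    """Parse the constructed audit format into (timestamp, user, action, object)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, action, obj = line.split(" ", 3)
        events.append((datetime.fromisoformat(ts), user, action, obj))
    return events


def review_access(roster_csv: str, accounts_csv: str, audit_log: str) -> list:
    """Return findings for the three checks described in the text."""
    terminated = load_roster(roster_csv)
    enabled = load_accounts(accounts_csv)
    findings = []

    # 1. Departed employees whose login was never disabled.
    for user, left_on in terminated.items():
        if left_on is not None and enabled.get(user, False):
            findings.append(Finding(user, "orphaned_account",
                                    f"login still enabled, left {left_on}"))

    # 2. Enabled logins that HR does not know about (shared or leftover accounts).
    for user, is_enabled in enabled.items():
        if is_enabled and user not in terminated:
            findings.append(Finding(user, "unknown_account", "not on HR roster"))

    # 3. Who touched what, when: any access after the user's leaving date.
    for ts, user, action, obj in parse_audit(audit_log):
        left_on = terminated.get(user)
        if left_on is not None and ts.date() > left_on:
            findings.append(Finding(user, "post_termination_access",
                                    f"{ts.isoformat()} {action} {obj}"))
    return findings


if __name__ == "__main__":
    for f in review_access(HR_ROSTER_CSV, ACCOUNTS_CSV, AUDIT_LOG):
        print(f"{f.kind:24} {f.username:8} {f.detail}")
```

On the constructed data the script reports that bob's login is still enabled a day after he left and that he exported the whole CRM account list that evening; it also shows that dave, whose login is now correctly disabled, still read the ledger two days after his leaving date, which is the kind of gap only the audit log reveals. The third check is why the text insists on tracking access rather than relying on account status alone.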
These five threats can lead to critical data loss and may ultimately lead to business failure. Additional information can be found at the following links.
Learn about the Pervasive security solution.
Horror Stories
What happens to the unprepared? Some businesses haven't taken the time to prepare themselves against the risks identified above. Without preparation, you and your customers face a much higher probability that such an event is fatal to the business. Follow the links below to learn about some businesses that didn't make it:
Planning for Data Security Success
You know the risks. You know what happens to those who don't prepare for them. Now what?
You can take steps today to arm yourself and your customers against these and other risks. A vast amount of free information from sources such as the US Small Business Administration can help you define the practices and procedures to follow when something bad happens, and to keep it from happening in the first place.
Latest News and Updates
If you want to get some of the latest information on the threats you face, these websites will keep you up-to-date with the latest news from key areas of IT security.
Government Regulation
New government regulations around the world, covering various areas of consumer privacy and public disclosure, have created massive new demands on companies and individual professionals operating in certain key industries. These laws require greater scrutiny of data access and data storage methods. The following section provides a brief overview of the latest legislation and directives:
USA: Healthcare
Health Insurance Portability and Accountability Act (HIPAA)
Signed into law by President Clinton in 1996, HIPAA is intended to improve the efficiency and effectiveness of the US healthcare system by standardizing and supporting the electronic exchange of patient data. The regulations issued under it (notably the Privacy Rule and the Security Rule) set specific standards, including strict rules on the privacy and control of patient data. Any organization operating within the healthcare industry must understand the ramifications of the HIPAA legislation. To begin your HIPAA education, refer to the following links:
USA: Customer Data
California SB 1386
Designed to protect residents from identity theft, California Senate Bill 1386 (effective July 1, 2003) protects California residents from undisclosed exposure of personal information by requiring that they be notified of a security breach affecting their personal data. Because it applies to any person or business that conducts business in California and owns or licenses computerized personal data of California residents, SB 1386 affects organizations well beyond the state. For more information on this bill see the following links:
USA: Financial Institutions
Gramm-Leach-Bliley Act
An excerpt from the GLBA best describes the purpose of this legislation: "It is the policy of the Congress that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers' non-public personal information." (Title V)
USA: Accounting Practices
Sarbanes-Oxley
In response to corporate scandals at large public companies in the US, the Sarbanes-Oxley Act was signed into law in July 2002. The law has far-reaching impacts on the disclosures and accounting practices of public companies in the United States, including the internal controls over the systems that produce financial data. Compliance deadlines were set by the SEC and phased in by company size.
Europe: Personal Data
Directive 95/46/EC
The Data Protection Directive, adopted in 1995, protects personal data with specific rules on the processing and free movement of such data. Firms that collect data online must disclose that collection is taking place, the purpose for which the data is collected, and the identity of the recipients. In addition, the directive prohibits transfer of personal data to a country outside the EU that does not ensure an adequate level of protection.
Europe: Transmission of Personal Data
Directive 2002/58/EC
The Directive on Privacy and Electronic Communications complements Directive 95/46/EC for the electronic communications sector, covering the processing of personal data by publicly available electronic communications services. Its Article 4 (security) requires service providers to take appropriate technical and organisational measures to safeguard the security of their services, and Article 5 requires Member States to ensure the confidentiality of communications and the related traffic data.
Europe: Privacy in the EU
Regulation (EC) 45/2001
Complementing Directives 95/46/EC and 2002/58/EC, this regulation applies the same data-protection rules to the Community institutions and bodies themselves.
Europe: The Foundation of Personal Data Security Law
OECD Principles
Adopted in 1980, the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data set out the principles on which most later privacy legislation is built. Their Security Safeguards Principle states that "Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification or disclosure of data."
Japan: Healthcare
HPB 517
Japan's HPB 517, comparable to HIPAA in the US, is a healthcare-specific rule that protects the accuracy and authenticity of stored and transmitted medical data and addresses patient privacy and access control.
Industry Standards
ISO 17799
ISO/IEC 17799 is a code of practice for information security management (since renumbered ISO/IEC 27002). It sets out best-practice controls across areas including security policy, access control, physical security and business continuity management, and an organization can use it both to develop its security programme and to evaluate its disaster-planning activities against an accepted baseline.
Visa CISP
"Customers who offer their card numbers to merchants through the mail, over the phone, or online want assurance that their account information is being guarded. For customers, it all comes down to selecting and doing business with a reliable, reputable entity. For merchants, it is a matter of protecting cardholder information and assuring cardholders that their personal information is safe." Excerpt, CISP Overview