California Law Seeks to Stem Identity Theft Tide
"Sleeper" law set to take effect, with little public notice,
for anyone doing business in California; practical steps
that covered entities can take.
Adding to the reasons for having a good information
security program in place, California's SB 1386 goes
into effect July 1, 2003. In an effort to stem the
tide of identity theft, the law requires any person or
company holding "personal information" of California
residents to notify those residents when the security of
that information is breached.
SB 1386 isn't limited to California companies; all
entities with personal information of California
residents are covered. Under the law, companies that
fail to protect personal information face several
problems, including fallout from a public relations
nightmare, defection of clients to competitors whose
systems are perceived to be safer, and the potentially
tremendous expense of civil liability.
Similar legislation is being considered elsewhere,
including in the United States Senate.
Reporting a compromise requires detecting it. The
capability to detect compromises and to inform affected
California residents is the absolute minimum requirement.
Obviously, avoiding security failures is preferable to
informing your customers that you are responsible for
the unauthorized disclosure of their personal
information.
Effective Risk Management Strategy
Ignoring risk is no longer a viable option. The most
cost-effective strategy is to recognize that risk
exists, that it must be managed, and to implement an
information security program that identifies and
manages that risk.
An effective information security program is a
mechanism for risk management. Rather than blindly
spending money on security products and services, risk
management allows organizations to understand what
their risks are, how they can best be addressed, and
the potential impact of undesirable events.
When considering whether you have the capability to
address these concerns in-house, or which vendor should
provide the support you need, be sure that you are
getting satisfactory answers to these questions:
- How will the proposed program help me to
understand real risk to my organization?
- How can I prioritize security concerns, being sure
that the most effective prevention and detection
mechanisms are put in place first?
- How will the proposed program ensure that the risk
management posture of the organization is consistent
with how we manage risk in other areas, e.g.,
liability in the marketplace and the workplace, and
exposure to financial risk?
Interhack offers a full range of
Information Assurance
services. Take a look at what we have to offer and
let us work with you to define a program that gives
you a cost-effective response to real market concerns.
For More Information