Who’s Got Your Information — Today!

The twenty most recent reported data-loss or theft incidents of 2010, based on data reported by the Open Security Foundation* impacted the following organizations:

– Farber Enterprises, 30 Nov 2010
– Houston Independent School District, 2 Dec 2010
– University of Arizona, 2 Dec 2010
– American Check Casher of Oklahoma, 3 Dec 2010
– Mesa County, Colorado, 4 Dec 2020
– University of Wisconsin, Madison, 9 Dec 2010
– University of Alberta, 9 Dec 2010
– Gaelic Athletic Association, 10 Dec 2010
– Walgreens, 10 Dec 2010
– Genesco, Incorporated, 10 Dec 2010
– Mountain View Medical Center, 10 Dec 2010
– McDonalds Corporation, 11 Dec 2010
– NatWest, 11 Dec 2010
– Gawker Media, 12 Dec 2010
– Department of National Defence, Canada, 12 Dec 2010
– Mesa County Sherriff’s Office, 12 Dec 2010
– Mountain Vista Medical Center, 13 Dec 2010
– Ohio State University, 15 Dec 2010
– NY State Office, Temporary/Disability Assistance, 15 Dec 2010
– Dean Health Systems, 20 Dec 2010

* Source: Open Security Foundation, 2010 (see http://datalossdb.org/)

These twenty were preceded by another 351 during 2010, impacting: AMR Corporation, Aon Consulting, British Columbia Lottery Corporation, Citibank, Equifax, Federal Reserve Bank, Jackson Hewitt, Hartford Life Insurance Company, Loma Linda University Medical Center, Navy Federal Credit Union, NBC Universal, Paychex, Starbucks, St. Mary’s Medical Center, the U.S. Army, State Department and Verizon Wireless among many others.

For details of these and others, see the comprehensive database compiled and made available by the Open Security Foundation at http://datalossdb.org/.

What Others Can Find Out about You and Your Employees
Think you’re immune to the problem? Think again! Your employees are leaving trails all-over the Internet for anyone to exploit.

Visit What The Internet Knows About You – Today!
See http://whattheinternetknowsaboutyou.com/ to test it out for yourself
See http://wtikay.com/docs/details.html to read the background details

Due to lax or non-existent controls that make it easy to identify where your employees have been, who they are, and routes that can be used to craft attacks, it is rather easy to gather intelligence about you and your organization.

What Others Are Finding Out about You and Your Employees!
The widespread adoption of smart-phones, both inside and outside the organization, is leaving many firms exposed to personally identifiable data-sharing practices that are now being challenged in the courts. The most recent lawsuit targets Apple and the makers of Apps that run on the iPhone. The same Apps, App-makers and Android-based smart-phones could be next.

Read the news at:

• Apple sued over iPad and iPhone Add ‘data leaks’
See: http://www.bbc.co.uk/news/technology-12089225

• Apple, App makers hit with privacy lawsuits
See http://www.washingtonpost.com/wp-dyn/content/article/2010/12/28/AR2010122803648.html

• Apple Sued for Allegedly Sending Data to Advertisers
See http://online.wsj.com/article/BT-CO-20101228-706485.html

The lawsuits do focus the issue on appropriate uses of personally identifiable data – even if it’s too early to decipher the outcomes.

Beyond PID: Financial, customer, audit, security and other sensitive information
What’s more important, PID covering your employees and your customers, or senstive information about your financials, audit profile data, internal fraud investigations, configuration control data for your websites and critical data-bases, information security controls and procedures governing access to sensitive information, information covering strategic partners, suppliers, mergers or acquisition-plans, patient data, new drug-testing results, utility-grid data, minerals-exploration findings, new manufacturing methods, board minutes … or other information?

• Whatever you value, is it worth protecting, do you know where it’s located, who has access to it, and how it should not be used?
If you can answer these questions immediately: count yourself among the lucky 10 percent of the population that can!

• Do you know what your information risks are – today?
If you can answer this question in less than a week, count yourself among the prepared 8 percent of the population.
And, make sure the CEO and the board know about this.

Take Action — Today!
For 90 percent, it’s time to tell the CEO and the board what needs to be done, before you too become the next headline covered in the Wall Street Journal, The Washington Post, the BBC, and find yourself listed in the Open Security dataloss database.

See the recent research, “What Color Is Your Information Risk — Today?” at http://www.itpolicycompliance.com/research_reports/

The two-minute benchmark test
Too busy to read research? Take two-minutes to find out how well prepared you are by benchmarking and comparing your practices against others in your industry, your peers, and the best performing organizations.

The Assessments@ITPolicyCompliance for managing information controls compares your practices to manage information against the real-World choices and practices of more than 3,800 other organizations.

Visit: www.ITPolicyCompliance.com/Assessments/ – Today!

Find the answers to how your practices for managing information controls compare with:
• your industry
• your peers, and
• best performers

Practices covered by this assessment include:
• Segregating different kinds of IT systems
• Classifying information
• Identifying the locations of sensitive information
• Segregating access to sensitive information
• Prevention and detection
• Protecting sensitive information
• Detecting the leakage of sensitive information

Visit: www.ITPolicyCompliance.com/Assessments/ – Today!

Specific to your industry and size of your organization, all of the confidential and free assessments deliver immediate feedback on how well, or poorly, you are managing business value and risk related to the use of IT compared to others in your industry, your peers and the best performing organizations. More importantly, the two-minute assessments quickly identify how you compare with others and practices that will improve outcomes.

Who should be interested: senior managers in IT, audit, risk, and compliance
Time to value: minutes

Regardless of size or industry, most organizations are continuously looking to improve operational effectiveness across all functions: IT is no exception.

Improve your outcomes, visit Assessments@ITPolicyCompliance today.

Tags: information, information risk, risk