Spring World 2017

Conference & Exhibit

Attend The #1 BC/DR Event!

Spring Journal

Volume 30, Issue 1

Full Contents Now Available!

Tuesday, 13 August 2013 15:13

Implementing a good information security program

The frequency and potential impacts of information security breaches are increasing. Dr. Jim Kennedy explains why and looks at what organizations can do about it.

Computer, network, and information security is based on three pillars: confidentiality, integrity, and availability. In my business as an information & cyber security, business continuity and disaster recovery consultant, I see every day how various sized and types of companies address these three areas. Some very well, some not so well, and some really poorly.

Given all the regulations and standards (like HIPAA, SOX, NERC-CIP, FISMA, PIPEDA, and etc.), developed and published over the last five years you would think that business and government should be doing much better in securing their computing systems and network infrastructures. However, based on the on-going events prominent in the press and trade journals almost every day this does not seem to be the case.

We continue to be informed that government agencies and private sector companies continue to have numerous cases of data leakage: a politically correct way of saying data loss, theft, or compromise. We hear about the theft of credit card and personal information and worst of all we hear of companies that have lost critical personal and health related information despite the many security controls that were supposed to be in place. Worse yet we hear of extremely large sums of monies extorted from banks and other financial institutions and also of the fragility of our power grids and gas distribution systems world-wide.