Put security policies in writing!

The Federal Reserve Board, issued a new guide in December stating that all banks and other financial institutions must take certain steps to safeguard the personal data they handle.

Among other things, those entities are expected to tightly control who can access their customer information systems. The are also called on to monitor physical storage of paper records, set up monitoring systems to detect intruders and provide written contracts outlining how they will respond to suspected breaches.

It means that although federal law doesn’t explicitly say so, all companies that handle personal information for their customers should have written security policies.

“I believe this guidance is useful for a guidepost in enterprises outside of finance,” said Benjamin Wright, a frequent speaker on information security and e-commerce. “A written policy is the first step for establishing we are taking reasonable steps within our enterprise to ensure security”.

In the wake of several high-profile breaches last year, at both financial and nonfinancial firms, Congress considered a number of proposals intended to broaden data security laws. None of those measures advanced to consideration by the full legislative body. A new round of congressional action is predicted in 2006.

But for now, many companies must decide for themselves how best to safeguard their systems.

According to ZDnet.com.

This blog is run by the authors of FindProtected.
FindProtected is an effective security program that allows you to search your network for password protected files. With FindProtected, you can properly identify protected files and relocate them if necessary.

Leave a Reply