
Protecting Sensitive Information in an Increasingly Leaky World

White Paper Published By: Trend Micro, Inc.

Information technology (IT) security is indispensable to an organization's ability to conduct business and achieve its objectives. Security requirements affect almost every business process and system, and successful security measures help protect a business's brand value, stakeholder confidence, risk management strategies, and compliance status. Requirements vary among industries, geographies, and regions, but the need to protect privacy, retain important data, and facilitate e-discovery is common to all. This paper provides an overview of the regulatory landscape and identifies steps to take for defining a flexible compliance strategy.




Trend Micro, Inc.
Published:  Apr 29, 2009
Type:  White Paper
Length:  11 pages

Regulatory Compliance: Protecting Sensitive Information in an Increasingly Leaky World
Trend Micro, Incorporated
A Trend Micro White Paper | March 2009
Table of Contents
I. Regulation Creates Waves Worldwide
II. Common Themes Recur
III. Identifying a Flexible Compliance Strategy
IV. Solutions for Helping Achieve Compliance - and More
V. Summary
VI. Exhibit A
I. Regulation Creates Waves Worldwide
At its simplest, "compliance" is the adherence to an accepted policy or set of requirements. Policies can range from those that help the business avoid worst-case scenarios - such as customer churn, litigation, and fines for noncompliance - to the "should haves," including IT security standards and corporate mandates to protect its brand and stakeholder confidence.
Achieving - and maintaining - compliance requires more than just the hardware or software products that can provide automation. Enterprises must address compliance through employee training and enforcement. In global enterprises, achieving and maintaining compliance becomes even more challenging because they must comply with domestic and international regulations.
Although many nations and jurisdictions have had privacy laws on the books for decades, most were written for a paper-based world. Proliferating electronic data communication and storage have made data theft more damaging, and retrieving critical data has become considerably more challenging. For example, civil proceedings subpoena emails as evidence, often dating back several years, such as in cases of patent infringement or financial fraud. The vast volume of regulated electronic content has resulted in updated regulations to cover electronic communications.
In the U.S. alone, more than 700 state and federal privacy and surveillance laws existed in 2008 (Compilation of State and Federal Privacy Laws, Privacy Journal, 2008). In October 2008, the state of Nevada enacted a law requiring all businesses to encrypt all personally identifiable information (PII) - including names and credit card numbers - that is transmitted electronically. Other state laws, such as the Massachusetts Standards for the Protection of Personal Information of Residents of the Commonwealth, apply to all organizations that maintain personal information about a Massachusetts resident - whether they do business in the state or not. This regulation outlines specific technical controls that are required, including encryption of all records transmitted across public networks and data encryption on all laptops or portable devices.
Although some regulations are voluntarily adopted, others are the result of industry or regional mandates, such as the European Union Data Protection Directive. This directive requires that member countries adopt standards for the collection, storage, and disclosure of personal data. An example of th...
