Network Computing is part of the Informa Tech Division of Informa PLC


Legal Brief: Take Heed: FTC Enforcement in Guidance Case: Page 2 of 2

Another theme runs through the Guidance settlement: Information security requires a systematic approach. Some past FTC enforcement actions (Guess.com, for example) have focused on a single, catastrophic security failure, such as unencrypted PII. But the Guidance complaint sets forth a series of failures, outlined above, suggesting that the commission has increased its expectations for privacy-related data security programs. Specifically, it demands implementation of a broad spectrum of controls, including vulnerability-assessment procedures, encryption, database security, log aggregation and monitoring, and intrusion detection.

Here's the bottom line: The comprehensive nature of these regulatory demands should help drive the approach you take to securing the PII you maintain.


Patrick R. Mueller is completing his law degree and a master's degree in public affairs at the University of Wisconsin-Madison, specializing in privacy and data security law and policy. He was previously a senior analyst for security consultancy Neohapsis. Write to him at [email protected].