- +
What Price Innovation? 05 November, 2007 13:44:31
CIOs say they want more than the traditional “your mess for less” relationship with their outsourcing providers. And the providers want to market themselves as partners in innovation. So why isn’t it happening?CIOs say they want more than the traditional "your mess for less" relationship with their outsourcing providers. And the providers want to market themselves as partners in innovation. So why isn't it happening? - +
Ticked Off at Tick the Box Mentality 04 February, 2008 13:01:15
Does your executive search firm know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients?Does your executive search firm know its MIS managers from its elbow? Does it even know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients? - +
Strategies for Dealing With IT Complexity 24 December, 2007 10:30:47
Every innovation, every business process improvement, comes with an IT complexity tax that must be paid by CIOs in time, money and sweat. Here are strategies to mitigate the increasing complexity of IT as it enables new business.Every innovation, every business process improvement, comes with an IT complexity tax that must be paid by CIOs in time, money and sweat. Here are strategies to mitigate the increasing complexity of IT as it enables new business. - +
How to Get Real About Strategic Planning 04 February, 2008 12:50:59
Everyone agrees that having a strategic plan for IT is a good thing but most CIOs approach the process with fear and loathing. In fact, the majority of CIOs (and the enterprises they work for) are faking it when it comes to strategic planning. Isn't it time we all got real?Oh, it must be nice to be the CIO of a FedEx or a GE or a Credit Suisse. Places where IT and the business are so tightly aligned you can barely tell the two apart. Where corporate leaders understand that IT is a strategic asset and support it as such - +
9 Paths to Higher Performance 10 December, 2007 14:09:23
When an organization brings together talented people in a creative, collaborative environment it fosters a culture of high performance, which in turn leads to superior business resultsLike high-achieving individuals, some organizations seem to have the Midas touch. Virtually every initiative they touch earns them gold and even those that fail never seem to cost them much of anything at all
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Enterprise Wireless WLAN Security
Web Security SaaS: The Next Generation of Web Security
The Secrets of C-Suite Success
Taking On Demand CRM Integration to the Next Level
The CIO Executive Council Guide to Success
Dude! You Say I Need an Application-Layer Firewall?!
CRM your salespeople will love
Wireless LANs: Is my enterprise at risk?
Newsletter Subscription
California legislators will hold a hearing to debate on a proposed bill that would create new data security and breach notification requirements for all organizations processing credit and debit card transactions in the state.
The bill, officially known as AB 779, is being sponsored by the California Credit Union League (CCUL). It was introduced in February and has been amended three times since then, most recently on May 14.
If passed, the measure would explicitly prohibit retailers and other merchants from storing certain specific types of authentication data taken from the magnetic stripes on the back of credit and debit cards. This information includes card verification value and personal identification numbers, as well as encrypted PIN block data and payment verification codes.
The bill in California has similar goals as the Plastic Card Security Act that became law in the US state of Minnesota
The legislation would also require merchants to use so-called strong encryption routines and access controls while storing or transmitting other types of data, such as card numbers and the names of account holders.
In addition, the bill would mandate that a breached entity reimburse affected banks and credit unions for all the costs they incur to alert customers and reissue cards. And AB 779 would modify existing California state requirements on providing notifications of security breaches. Retailers would be forced to disclose more details about breaches, including a description of the categories of personal data that might have been compromised. They also would have to set up toll-free numbers for people to get more information.
The bill is scheduled to be discussed before the State Assembly's Committee on Appropriations. If approved by the committee, it would go to the full assembly for a vote before June 8. The measure would also need to be approved by the state Senate and signed by Gov. Arnold Schwarzenegger before it could become law.
Driving the need for such legislation are the burgeoning costs that credit unions have to bear as a result of retail security breaches, said Keri Bailey, a US-based lobbyist for the CCUL. Large and midsize credit unions can easily end up shelling out between $US500,000 and $US750,000 annually in breach notification and card replacement costs, Bailey said. Those figures don't include any fraud-related charges that might stem from breaches, she noted.
"Credit unions are unique in that we are cooperative financial institutions," Bailey said. "We are not-for-profit." As a result, she added, it's harder for credit unions to absorb the costs of responding to security breaches than it is for banks and other financial institutions.
Credit unions also take a bigger hit reputation-wise than banks do whenever they have to inform members of a breach and reissue credit or debit cards, according to Bailey. Currently, notification letters sent by financial institutions can't contain any information about where the breach occurred or the type of data that might have been compromised. AB 779 would allow banks and credit unions to mention the name and contact information of the breached entity and provide details about the data that might have been affected.
"This is an issue of fundamental fairness," Bailey said. "Right now, the burden is entirely on the financial institution." The Gramm-Leach-Bliley Act already requires banks and credit unions "to do a whole lot to protect people's data," she said. "But the folks accepting this data [for payment transactions] have no skin in the game."
The bill in California has similar goals as the Plastic Card Security Act that became law in the US state of Minnesota. The requirements included in the Minnesota law and the California bill codify elements of the Payment Card Industry Data Security Standard, which was developed by the major credit card companies. The standard, known by the acronym PCI, specifies a set of 12 broad security controls that all organizations accepting payment cards are required to implement.
A similar PCI-derived bill proposed in the US state of Texas this year was approved by the state's House of Representatives but didn't make it through the Texas Senate before the latest biennial legislative session ended. As in California, the bills in both Minnesota and Texas were pushed by associations of credit unions in the two states.
Such measures are needed to get retailers to become more serious about data security, said Steve Rowen, an analyst at US-based consulting firm. "What we've found is that without some sort of a prod, there is no compelling reason for retailers to be proactive about security practices," Rowen said.
Despite all the negative publicity generated by high-profile breaches such as the one disclosed earlier this year by The TJX Companies, retailers by and large haven't had to bear much fiscal responsibility for their security lapses, Rowen said. He added that although the PCI standard provides for contractual penalties to be assessed for data breaches, "to my knowledge, no retailer in any privacy breach has been forced to pay any actual costs" beyond their own expenses.
"At this point, it would seem that without legal punishments, lawsuits and hopefully federal law, there will be no catalyst for retailers to do what they should be doing," Rowen said.
Cliff Davidson, an associate at US law firm Proskauer Rose LLP, agreed that bills such as AB 779 are needed. "It is good that legislators are addressing this issue," Davidson said. "It remains to be seen whether the actual proposal imposes too high a burden on retailers and other businesses."
But Jon Hurst, president of the Retailers Association of Massachusetts, voiced concerns about Minnesota's new law and the proposed statute in California. Pointing to stalled efforts to pass similar legislation in Texas, Connecticut and other states, Hurst said he hopes that "cooler heads will prevail" in California as well.
"This is a one-sided proposal pushed by certain smaller banks that are not at the table with the big banks," Hurst said. Retailers already pay upfront for fraud-related costs via the so-called interchange fees associated with card use, he added. If smaller banks and credit unions want to be reimbursed for their breach-related costs, Hurst said, they should go after the bigger banks and credit card companies that collect billions of dollars worth of interchange fees from retailers annually.
"I understand their problem," Hurst said, referring to credit unions and small community banks. "But they should be working with [bigger] banks and the card associations to fix the system, and not trying to pass laws to bring more money their way."
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
CIO Live Podcast #79: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires Part II 05 October, 2007 06:00:00
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #78: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires 28 September, 2007 17:34:25
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #77: Panasonic Speeds Up Trans-Pacific File Transfers, Part III 21 September, 2007 07:00:00
Part three in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #76: Panasonic Speeds Up Trans-Pacific File Transfers, Part II 14 September, 2007 07:00:00
Part two in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #75: Panasonic Speeds Up Trans-Pacific File Transfers, Part I 07 September, 2007 07:00:05
Part one in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance.
- +
Cutting Through the Spin of Recent Vulnerability Disclosures 13 October, 2008 10:53:00
The FUD surrounding the ClickJacking and TCP/IP vulnerabilities has the world seemingly frozen in fear. But once you cut through the spin, the vulnerabilities aren't all that they were made out to be.There are a few highly publicised vulnerabilities at the moment which haven't completely been disclosed and which, it is claimed, could threaten the whole Internet as-we-know-it. Only, when the vulnerabilities are finally disclosed, it seems that the whole incident has been somewhat Chicken Little. - +
PCI app security: Who's guarding the data bank? 13 October, 2008 11:09:00
Compliance strategies for PCI's new application security requirementsWhile Willy Sutton never really said it, the truth is that people rob banks because that is where the money is. Today's criminals don't walk into banks with loaded guns and get-away drivers. Rather they connect from a remote location using a browser and are armed with hacking tools and spyware. - +
Data-center security tools to not overlook 10 October, 2008 11:37:00
With the rise of security suites, it's time to consider some emerging security tools and rethink othersProtecting a corporate data center is like trying to keep an elephant safe from a swarm of flies. Despite your best efforts, bites happen. As the staples of security -- such as firewalls, antivirus software, spam and spyware filters -- come together in suites of products that allow for sophisticated management, there are other security tools either emerging or worth a rethink. - +
IBM, Secret Service, others study identity/cybercrime issues 09 October, 2008 10:09:00
Center for Applied Identity Management Research organization teams experts in criminal justice, financial crime, biometrics, cybercrime and cyberdefense, data protection, homeland security and national defense.IBM, LexisNexis and the Secret Service are among a group of corporations, government agencies and academic institutions that has formed to study and help solve identity management challenges around cybercrime, terrorism and narcotics trafficking. - +
Strange account management at Amazon 09 October, 2008 09:51:00
A careless login led to the discovery of some strange ccount management practices at one of the Internet's largest retailers.Via the RISKS mailing list comes an interesting tale of poor online account management at a major online retailer. According to Graham Bennett, accounts with Amazon display an odd behaviour that doesn't seem to have attracted much attention in the past.
NetStar Networks Calls Brisbane Home 13 October, 2008 12:01:00
New Verizon Business Managed Service Makes Collaboration Easier 13 October, 2008 10:06:00
F-Secure achieves excellent results in Internet security suite comparison 10 October, 2008 14:37:00
Lock It Up With Maxtor BlackArmour, Hardware Encrypted Storage Provides Government Grade Security For Consumers 10 October, 2008 09:04:00
Pitney Bowes MapInfo Launches New Version of AnySite 10 October, 2008 05:58:00
|
||
|
||
|
|
||
|
Taking On Demand CRM Integration to the Next Level
Discover the current integration challenges facing businesses attempting to deploy on demand CRM systems. Learn how to create comprehensive integration of your data, user interface and business process levels and transform a portfolio of disparate applications into a unified, virtual application suite.
Subscribe to CIO
