Privacy: Security pros should practice what they preach

By Shawna McAlearney, News Editor 16 Aug 2004 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

Security professionals should practice what they preach, and many don't when it comes to privacy.

Calling privacy "a neglected area" in information security, expert Sarah Gordon said security professionals need to set an example by taking advantage of technical and policy solutions that can help mitigate risks to corporations.

In analyzing a recent survey conducted by her company, Gordon, a Symantec senior research fellow, found that a surprisingly large number of security practitioners fail to encrypt sensitive materials.

A primer on encryption This tip is excerpted from the Microsoft 2000 Security Handbook by Jeff Schmidt and Dave Bixler, published by Que.

The majority of the 154 surveyed in the United States, United Kingdom and European Union failed to encrypt data on the hard disk (85%); don't encrypt all e-mail messages (98%); and don't even encrypt sensitive e-mail messages (62%).

Gordon noted that failure to take steps to protect this information could easily cost companies money through the loss of intellectual property, particularly when e-mail and attachments pass through many points with potential eavesdropping prior to reaching their destination. Other consequences could be the loss of time, work and credibility.

Gordon's advice to enterprises is standard. Encrypt this information to protect it in transit from prying eyes, and from theft by Trojans and malicious code on the hard drive.

Tags: Data Privacy and Protection,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Data Privacy and Protection How to write a risk methodology that blends business, security needs PCI compliance requirement 3: Protect data Mass. Senate seeks to amend, weaken data breach notification law Bruce Schneier and Marcus Ranum Face-Off: Should We Have an Expectation of Online Privacy? Kodak CISO on virtualization, compliance Federal efforts to secure cyberinfrastrucure Attackers cash in on fundamental data handling mistakes, Verizon finds RSA panel to discuss surveillance, privacy concerns Mass. officials explain new data protection regulations HIPAA changes force healthcare to improve data flow Data Privacy and Protection Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary cypherpunk  (SearchSecurity.com) Data Encryption Standard  (SearchSecurity.com) P3P  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary