Has the Data Security Problem Become an Epidemic?

Confidential customer data is exposed online, despite the assurance that security measures were in place to prevent such a problem. ChoicePoint Inc., LexisNexis, and DSW Inc. were all victims of online security breaches. Ameritrade and Bank of America both admitted lost physical data tapes containing confidential client account information. Recently, Carnegie Mellon notified 19,000 students, alumni, faculty and staff that their confidential information may have been compromised. An April 2005 GAO report found that though the IRS is making progress fixing security holes in systems that it operates, they aren't keeping pace with new vulnerabilities, risking exposure of sensitive financial data of the taxpaying population of the country. To top things off, these are only the cases that we're aware of, which begs the question of how many security breaches have gone unnoticed, or unannounced. What about companies like Google? As they expand their service offerings with GMail and Google Search History, where they are increasingly responsible for retaining client data, will they become a bigger target for attackers? This is the problem. What is the solution? Are there any tips for people to help protect their identity and confidential financial information? What firms go above and beyond the call of duty to ensure that their client data is secure?

18 security auditors to check cyber crimes

In the backdrop of heightened concerns over cyber security, Indian Computer Emergency Response Team (CERT-In) has decided to empanel 18 security auditors, including Satyam, TCS, PWC and Sify, to identify vulnerabilities in the network infrastructure of various companies and organizations.

"In all, 18 companies have been short-listed and we will be announcing their appointment in a week or two. Amongst those who have been short-listed are Satyam, Sify, TCS, PWC, CyberQ and Sysman," Dr K. K. Bajaj, Director of CERT-In, said on the sidelines of a seminar on Indo-US Cyber Security.

These firms would audit networks, processes, people and technology that form an integral part of information systems of companies. The model followed would involve voluntary compliance on the part of government departments, public sector organization.

CERT-In was constituted in January 2004 to tackle any possible hacking or virus attacks on the information systems, including the country's vital networks such as power, railways, aviation and Defence. It provides reactive and proactive services to enhance cyber security.