Information Security for Businesses

What's New? MA 201 CMR 17.00 is new and in effect!

Every year, millions of unsuspecting Americans are put at risk by unscrupulous individuals stealing or gaining access to their personal information. Increasingly, businesses are being held accountable as state and federal regulators seek to increase their control over how businesses handle our personal data.

  • FEDERAL - Many of the common regulations target specific industries and types of data, for example:
    • Financial - Sarbanes-Oxley (SOX), Gramm-Leach-Bliley (GLBA), Federal Financial Institutions Examination Council (FFIEC), etc.
    • Medical - Health Insurance Portability and Accountability Act (HIPAA)
    • Credit Card - Payment Card Industry (PCI)
  • STATE - States have acted to help protect the personal information of their residents and to hold businesses accountable for not adequately protecting personal information.
    • 44 states have enacted some form of information security regulation designed to protect personal information.
    • Massachusetts has enacted the most comprehensive state regulation in the nation. It targets the protection of state residents' personal information through a detailed set of provisions based on information security best practices as set forth in the ISO 27001 information security framework.

Peritus has been working with clients in various industries to assess their information security posture and to develop practical, cost-effective Information Security Programs based on ISO 27001 to help manage their compliance efforts. Although there is some crossover between the various federal and state regulations, 201 CMR 17 stands to reset the bar by which we measure information security compliance. Some of the unique features of the new regulation include:

  • 201 CMR 17 applies to any organization that touches or retains personal information of a MA resident, not just MA businesses.
  • It applies to both electronic and "paper" records.
  • It requires a formal written information security program (WISP) and all of the policies, processes and procedures that support it.
  • It sets specific requirements related to antivirus, firewalls, intrusion detection, encryption, etc.
  • It requires ongoing monitoring, naming of an Information Security Coordinator, and ongoing training of staff.
  • It has teeth: $5,000 per incident (record) to $50,000 per incident for failure to properly report.

What do you think about the new laws?

The "Blog" section offers you the opportunity to have your opinion heard, as well as to get ideas and feedback from a qualified Peritus information security professional.

Join us here on our "Blog" site and share your ideas.

If you do not feel comfortable asking your questions in a public format, feel free to contact us through the information request form located on the "Contact us" page, or call us at 413-224-1237.

Why Peritus Security can help you

Peritus Security is in a unique position to help businesses not only create information security management programs, but also manage their infrastructure to make safety and compliance a reality. With Peritus Security you receive the best professionals, with many years of information security experience. Additionally, we are not just consultants who implement academic ideas; we are seasoned professionals who understand corporate infrastructure and how it functions to support the business. The combination of experience, knowledge, and technology makes Peritus the right choice.

Credit Unions

The credit union industry represents a unique challenge for information security specialists. With a seemingly endless list of information security compliance requirements, and with the NCUA and federal and state regulators beginning to focus on IT security compliance, it is critical that your institution have a holistic approach to information security. Peritus has developed a unique and highly effective approach to information security compliance that uses the ISO 27001 framework as the basis for your Information Security Program. That framework is also the cornerstone of our thorough, yet cost-effective, suite of services, which includes auditing, assessments, penetration testing and ISMS consulting.

Peritus Security is in a unique position to assist credit unions with their compliance-driven information security needs. Whether it is GLBA, PCI, or any of the other requirements handed down by the governing bodies, Peritus is an expert in the credit union information security and compliance space.

View our Credit Unions website for more information.

Information security for businesses

Whether you are a retailer, a health care provider, a distributor, an insurance agency, a law firm, or a manufacturer - information security is part of your business. With high-profile stories in the news almost daily, stories about millions of customer credit card numbers being stolen or web sites being sabotaged - it's no wonder that businesses are taking notice of information security. It is not just the fines that these businesses face; it is more the damage done to reputation and the erosion of customer confidence in your ability to keep data safe when people choose to do business with your organization.

Crippling your business?

We all depend on information technology to keep our businesses in the black, but what happens when that technology is no longer available to support your goals? Outages of the systems that support your ability to drive revenue mean that you are effectively out of business. How do customers feel about you when they try to visit your website and it is not there? How will they feel when you must tell them that you have "lost" their credit card information? What will happen when you tell them that you are sorry, but they can only pay for services or merchandise with cash because you can no longer process credit cards? With so much money being spent on technology as a business catalyst, it is important that close attention is paid to the means of protecting that technology and the functions it provides.

Compliance requirements

There are many new laws in place that are meant to protect customers and investors from the vulnerabilities that exist because of business exposures. If you work in health care, you know about HIPAA; if you are a public company, you know about Sarbanes-Oxley; if you accept credit cards for any type of payment, you know (or you should know) about PCI. The penalties for not being in compliance are growing exponentially as the losses of the general public rise. There are public outcries for additional reforms, as well as steep penalties and even jail time for those business people who do not follow compliance requirements.

Disaster recovery and continuity

Viruses and hackers are only small parts of the information security puzzle. Considering that most businesses without a disaster recovery or business continuity plan will not survive after only six days of sustained outage, it is important to develop the policies, procedures, and processes to protect everything that your company has worked so hard to achieve.