[Dataloss] REDUCING THE IMPACT OF PII SECURITY BREACHES
henry ojo
henryojo at yahoo.com
Tue Jul 18 06:49:35 EDT 2006
REDUCING THE IMPACT OF PII SECURITY BREACHES
The persistent security breaches that occur in so many organisations and institutions are no longer big news. What is worrying is that while it is expected in financial institutions, as obvious targets for their monetary rewards, it is rather unexpected in that about a third of the reported security breaches in the U.S. occur in educational institutions.
Obviously the level of protection afforded the information (mainly Personal Identifiable Information, PII) held by these educational institutions is much less than their financial counterparts, yet the data breaches could be just as damaging.
What makes the PII so valuable to fraudsters? Loans, mortgages, credit cards and illegal employment could be obtained using this kind of information.
This now rests the burden of responsibility at the feet of organisations that use PIIs as the only way to validate the identity of applicants for their services.
Fraudsters use this information largely because it is inherently low risk with huge returns as the risk of being physically present is eliminated by organisations relying heavily on e-commerce.
The question is, do the benefits of cost cutting, easing organisations' operations by doing substantial amounts of business online outweigh the impact of not providing enough protection to customers' PII by not streamlining processes and procedures to aid the security of customers' PII at the risk of legislative/regulatory fines etc.?
A suggestion to revert to the stone ages is not being conceived but the emphasis on using PIIs for validations, verifications and even in some cases authentication by a lot of institutions should be reduced.
Biometrics and token password solutions provide alternative authentication mechanisms, which organisations avoid because of costs, but in the long term an ROI might justify the investment against legislative/regulatory fines, litigation, legal fees and loss of goodwill/reputation.
Henry Ojo BSc HISP BS7799 Auditor
www.efortresses.ie
Cell: 00353 874182266
Office:+(0) 7958430094
Fax :+(0) 7092 0950843