The most recent research conducted by the IT Policy Compliance Group shows that improvements to data protection and compliance by organizations are paying big dividends among firms with the most mature governance, risk management, and compliance management practices.

These include significantly lowering financial exposure and loss, and, substantially reducing audit expenses, by one-third to one-half annually. 

Unfortunately, this report has also found that only a minority of firms is enjoying the extraordinary business benefits associated with these most mature practices.

If your organization would like to address and/or improve its state of data protection and compliance readiness, then you should read this report and share it with your top management.

Click here to read this report.  

As reported by Scot Petersen , the Executive Editor of SearchCompliance.com and a contributor to IT Compliance Advisor, the Federal Trade Commission recently announced a delay in the enforcement of the Red Flags Rule, which requires companies to come up with programs to detect and respond to financial data breaches or identity theft.  

Having seen so many regulatory laws requiring similar ongoing extensions and changes to their enforcement dates, is this yet another indication of a potential major disconnect between the new regulatory laws and the efforts many companies are putting forth to get into compliance? 

Read this important and relevant article to help you arrive at your own answer to this question….  

A Report on “Review of Web Applications Security and Intrusion Detection

in Air Traffic Control Systems” (Report Number: FI-2009-049) dated May 4, 2009 was recently released.  This report presents the results of an audit of Web applications security and intrusion detection in air traffic control (ATC) systems.

This audit was requested by the Ranking Minority members of the House Committee on Transportation and Infrastructure and its Aviation Subcommittee.

RESULTS IN BRIEF

This report indicates that web applications used in supporting ATC systems operations are not properly secured to prevent attacks or unauthorized access.

In addition, it was found that FAA has not established adequate intrusion-detection capability to monitor and detect potential cyber security incidents at ATC facilities.  Click here to read more of this report.