In a recent survey conducted by the Ponemon Institute, and supported by the security firm Imperva, it was found that 71% of the firms interviewed don’t view the Payment Card Industry Data Security Standard (PCI DSS) as a strategic initiative for their organization(s).

The data in this report states at least the following reasons for the lack of strategic importance linked to PCI DSS: (1) its hard work and requires constant monitoring and maintenance, (2) there is the perception that good security does not increase market share — i.e. consumers do not reward companies when nothing bad happens, and (3) most companies reported that they don’t believe the worst will happen to them — and — even if it does, they anticipate being able to handle the cost of the breach and move on.

Another observations was that 79% of this very same group has experienced a data breach that involved the loss or theft of credit card information.

The data in this report also hints that to incur the cost of a breach is cheaper than paying for what it takes to protect the systems and data.

George Hulme wrote about  more details of this report’s findings in an article posted on the InformationWeek’s Security Weblog — which you can read by clicking here.

You can also access this free report by registering at the following website:

https://www.imperva.com/ld/ponemon.asp

In an article written by Greg Lawn for Computerworld magazine, the timely topic of e-discovery was addressed from a viewpoint of suggesting what to do to avoid a potential e-discovery disaster.  Because so many companies are now exposed to more regulations and compliance issues than ever before, every company should have an awareness of this issue as a regular agenda item in management meetings.

While the processes to follow do not have to be overly complicated, those processes should reflect a best practices approach when being implemented into an organization.  Greg Lawn’s articles attempts to do that by listing the following major best practices to help an organization avoid such a disaster scenario:  (1) Talk to your company’s legal department regularly about e-discovery, (2) Make your information-handling practices routine and consistent, (3) Keep an audit trail of your activities, (4) Know who had the data under legal hold request and when, (5) Understand what spoliation is, (6) Be ready to preserve all data, and (7) Know what have and what you don’t have.

Click here to read details for avoiding an e-discovery disaster.

C.G. Lynch is a writer often referenced on this blog and one who covers consumer web and social technoligies for CIO.com.  In a recent article, the topic of writing a company policy regarding the use of social networking media such as Twitter was discussed.

As Lynch states, in the article, … ”many companies grapple with how to balance the transparency social networking tools  enable with the need to safeguard company information.”   The ideas and the methodology presented for an organization to achieve this balance are worth your time to read.

Click here to read the entire article.