MEASURING TRUST IN PRIVACY AND SECURITY
Ponemon Institute

News & Updates

Reshaping Financial Services IT: CIO Best Practices for the Shift Toward Mobile

Speakers:

  • Dr. Larry Ponemon, Chairman, Ponemon Institute
  • Ojas Rege, VP Strategy, MobileIron

Session Times:

  • April 1st 8:00 AM PDT (San Francisco) / 4:00 PM BST (London)
  • April 2nd 9:00 AM HKT (Hong Kong) / 6:00 PM PDT (San Francisco)

Widespread consumer adoption of mobile technology has set in motion a fundamental shift within financial services organizations. CIOs are learning to leverage the power of mobility to deliver a strategic business advantage by helping their firms become more efficient and flexible. For the first time, MobileIron will share data from a Ponemon Institute survey of 400 financial services organizations about the future of BlackBerry, BYOD, apps, and governance. Join MobileIron VP of Strategy Ojas Rege and Ponemon Institute Chairman and Founder Dr. Larry Ponemon for a practical and “eyes-wide-open” look at the issues CIOs and CISOs in financial services will need to address as mobile becomes a fundamental part of their computing environment.

Key topics include:

  • Financial services mobile adoption forecasts
  • Trends in migration to multi-OS environments
  • Dependencies for successful mobile strategy deployment
  • Implications of user experience and security

This session will be recorded and available for replay.


Blog Archives for December 2009
Sophos & Ponemon Institute Announces New Study
December 5, 2009, 3:22 pm

We are pleased to present The State of Privacy and Data Security Compliance study conducted by Ponemon Institute and sponsored by Sophos. The purpose of the study is to determine if various international, federal and state data security laws improve an organization’s security posture. What is the value of compliance and does it correlate with the value of the compliance effort?

With the plethora of new privacy and data security regulations, we believe it is time to ask whether regulations help or hinder an organization’s ability not only to protect sensitive and confidential information assets, but to be competitive in the global marketplace. Further, how difficult is it to be in compliance, and who is the typical person or functional leader accountable for compliance? What is the value to the organization? Finally, what differences (if any) exist in security practices between compliant and non-compliant organizations?

We surveyed 528 IT and security practitioners (referred to as respondents) who are involved in their organization’s data security efforts, which can include responsibility for the technologies that support compliance efforts and managing and/or auditing legal and regulatory requirements.

Sixty-seven percent of all respondents say they have at least an adequate knowledge about the many U.S. state, federal and international privacy and data security laws that their organizations are required to comply with today. More than 52 percent of respondents are at or above the manager level, with an average of almost 10 years of experience in the IT or security fields.

Our sample of respondents was bifurcated into two groups – namely, 52 percent who reported their organizations have achieved substantial compliance with privacy and data security laws and 48 percent who admit their organizations have not achieved substantial compliance with all applicable laws.

Respondents in both the compliant and non-compliant groups represent various vertical industries, including financial services, retail, technology, healthcare and many others. Based on the results of our study, compliance with privacy and data security regulations appears to have a very favorable impact on an organization’s security posture.

Specifically, the probability of a data breach occurrence that required notification to breach victims decreased by almost one-half as a result of better compliance efforts. Furthermore, organizations achieving a higher level of compliance reap a financial gain as measured by the reduction in cost associated with data breach. Respondents in the compliant group believe the top two technologies that give them an advantage in managing risks are data loss protection and encryption of laptops and desktops.

Compliance also makes a difference in the attitudes and beliefs of respondents about their organization’s security compliance efforts. Accordingly, respondents in the compliant group believe they are more likely to achieve the following benefits:

  • Improves their organization’s relationship with key business partners.
  • Helps secure more funding for IT security.
  • Improves their organization’s security posture.

To obtain a copy of this study, visit: http://www.sophos.com/security/topic/privacy-data-security-compliance.html.

Training Is the Strongest Link
December 10, 2009, 3:50 pm

Today we held a RIM College event featuring three noted experts in corporate privacy training programs -- namely, Dean Forbes (Merck), Bob Posch (Merck) and John Block (Media Pro). Our focus is: what are leading companies doing to achieve awareness and knowledge about privacy and data protection requirements?
