
March 28, 2007

Free Advice on Data Security from the FTC

Yesterday I called out the lack of action the Federal Trade Commission has taken against companies that suffered a breach, in part due to gaps in the security controls in their infrastructure.

Seems only fair that I would give the FTC their due when warranted. A few weeks ago, the agency released a 24-page book entitled "Protecting Personal Information: A Guide for Business." According to a post by Rebecca Herold, the free guide focuses on the following five themes:

"TAKE STOCK. Know what personal information you have in your files and on your computers.

SCALE DOWN. Keep only what you need for business.

LOCK IT. Protect the information you keep.

PITCH IT. Properly dispose of what you no longer need.

PLAN AHEAD. Create a plan to respond to security incidents."

As Herold indicates, "this is a very good PII (personally identifiable information) protection primer."

Mike Rothman also highlighted the guidance the guide gives to help organizations be proactive about preparing for potential security incidents.

The FTC has come up with a beneficial free (using taxpayer money) tool that will give you some clear, basic guidance related to information security. A great start for anyone new to information security and a reasonable baseline for more experienced infosec professionals to cross-check their efforts against.
