* Recent ruling against a leading wholesale club chain obliges industry
to understand and adopt a complex range of information security best
practices
* RSA Security launches initiative to clear a path through the fog; help
businesses safeguard their customers, data -- and reputation
BEDFORD, Mass., Aug. 4 /PRNewswire-FirstCall/ -- With the business world
still contemplating the effects of the Federal Trade Commission's recent
ruling against a leading wholesale club, RSA Security Inc. (Nasdaq: RSAS)
today announced its Best Practices Framework -- a tool that will help
businesses across the globe to recognize and deploy the information security
controls which are applicable to them.
The FTC ruled that the wholesale club failed to take appropriate security
measures to protect the personal information of thousands of its customers,
and that this was an unfair practice. The FTC determined that this failure
resulted in millions of dollars of fraudulent purchases. The FTC had asserted
that the club had failed to encrypt data or secure wireless access points;
failed to use sufficient measures to detect unauthorized access; and that it
stored the information in files accessible through default usernames and
passwords.
Of particular note, FTC Chairman Deborah Majoras said that, "Consumers
must have the confidence that companies that possess their confidential
information will handle it with due care and appropriately provide for its
security. This case demonstrates our intention to challenge companies that
fail to protect adequately consumers' sensitive information."(1)
"The FTC's action is significant, as it precedes possible Congressional
action on national breach notification legislation, and places new
responsibilities on businesses everywhere to take reasonable security
measures," comments Art Coviello, president and CEO at RSA Security Inc. "The
question that many organizations are now asking is 'what constitutes
reasonable and appropriate action?' In an increasingly complex regulatory
environment, finding a comprehensive answer to that question can be a
laborious task."
The RSA Security Best Practices Framework has been meticulously developed
over a period of 12 months to help businesses navigate the minefield, and
eliminate complexity and confusion around regulatory compliance. The Best
Practices Framework maps the key regulatory business requirements to related
IT controls and suggests the specific best practices.
RSA Security's team has cross-referenced regulations from around the world
-- such as Sarbanes-Oxley, Basel II and the European Union's Data Protection
Directive -- and more than 60 best practices derived from the key identity and
access management requirements from the associated control frameworks and
standards: COBIT, NIST 800-53, ISO 17799, and FFIEC. These were then brought
up to date with insight from the SANS Institute, analysts, and in-house RSA
Security experience gained from working with more than 18,000 customers
worldwide. The best practices are a powerful tool to provide information
security controls in the areas of risk management, authentication, access
control, data protection and logging and reporting.
"One of the biggest challenges organizations face is wading through the
complexities of various control frameworks and standards to understand the
best practices that are truly relevant to their business," said Trent Henry,
Senior Analyst, Burton Group. "One successful strategy is to map the common
requirements of such standards, to determine the most widely accepted
enterprise controls. Done by an individual organization, however, this can be
a considerable amount of effort, so efforts to streamline the process should
benefit companies in the long run."
RSA Security's Best Practices Framework is designed to allow businesses to
quickly -- and simply -- assess their own needs and specific compliance and
business objectives. Access to the complete set of best practices is gained
through an easy-to-use interactive tool also developed by the company -- the
RSA Security Compliance Scorecard.
"The essence of the recent ruling sends a clear message to organizations
that rely upon, collect, sell, store and otherwise use sensitive personal
information: you have a responsibility to protect the data that you have been
entrusted to hold. To date, it seems pretty clear that many have failed to
take that responsibility seriously," comments former FTC Commissioner Orson
Swindle. "RSA Security has taken a commendable step by developing a rich
resource of information which will help any organization understand the
information security implications of the many privacy, corporate governance
and data protection regulations set at various levels of government."
"If we are to maintain consumer trust in information technology and
e-commerce, we must move more completely toward a culture of information
security and employ best practices. RSA Security is helping us all to take a
bigger step in that direction," continues Mr. Swindle.
In the meantime, federal legislation that would likely place increased
obligations on businesses is being vigorously debated in the U.S. Congress.
Requiring more immediate attention, 18 states have already passed new laws on
breach notification, many of which are modeled after California's SB 1386, the
first such state law in the nation. If you would like more information on the
RSA Security Compliance Scorecard, please visit
http://www.rsasecurity.com/node.asp?id=2895 or e-mail
compliance@rsasecurity.com
About RSA Security Inc.
RSA Security Inc. is the expert in protecting online identities and
digital assets. The inventor of core security technologies for the Internet,
the company sets the standard in strong authentication and encryption,
bringing trust to millions of user identities and the transactions that they
perform. RSA Security's portfolio of award-winning identity & access
management solutions helps businesses to establish who's who online -- and
what they can do.
With a strong reputation built on a 20-year history of ingenuity,
leadership and proven technologies, we serve more than 18,000 customers around
the globe and interoperate with more than 1,000 technology and integration
partners. For more information, please visit http://www.rsasecurity.com.
(1) http://www.ftc.gov/opa/2005/06/bjwholesale.htm
For more information:
Courtney Hohne, OutCast Communications, (415) 345-4735, courtney@outcastpr.com
Matt Buckley, RSA Security Inc, (781) 515-6212, mbuckley@rsasecurity.com
SOURCE RSA Security Inc.