|
Press Release: Ten Tips for Corporations to Protect Customer Information from Identity Theft |
|
|
Mr. Henry has served as an expert commentator for a variety of media outlets, including NBC Nightly News, CNBC, the Miami Herald, the San Francisco Chronicle and Secure Computing Magazine.
While identity theft cannot be prevented single handedly, there are ways to protect your customers' information, noted Henry. It is vital that all databases that store personal data are properly safeguarded, and hopefully these tips will enable enterprises to be more secure against the threat of identity theft.
Henry's Top 10 tips to protecting customer information from identity theft are:
1. Unless there is a specific reason that personal information is being
stored, get rid of it. If information needs to be there, set a
timetable for its length of stay and when it can be disposed of.
2. Make sure that the server holding personal information is isolated to
its own network with limited access. The network should be
secured/protected by a strong firewall that protects from attacks at
the network, protocol and most importantly the application layer.
3. The server that contains the personal information should NOT allow
direct connectivity to any user on the public Internet.
4. The isolation of the database server should provide protection not
only from the Internet but from other Internet facing servers as well
as the internal network.
5. Under no circumstance should the database server be permitted to
initiate connections to the Internet.
6. The controls afforded by the application layer defenses must include
the ability to control not only what the database can query, but the
explicit commands that can be run, as well as the number of responses
per query.
7. Both the security mechanisms and the database server should be
operated on kernel hardened operating systems to mitigate the risk of
operating system bugs or vulnerabilities.
8. Strict controls of who can access the server should be in place, be
enforced, and reviewed to validate the need for access rights.
9. A multi-defense is your best defense; take full advantage of both
security mechanisms available within the database application and
strong encryption as well as security mechanisms of the application
level firewall.
10. All communication of personal data sent to/from the database across
public and private networks should be permitted over encrypted
channels (HTTPS / SSL SSH).
About Paul Henry
Mr. Henry, Sr. Vice President of CyberGuard, has more than 20 years experience with security and safety controls for high-risk environments such as nuclear power plants and industrial boiler sites. In addition to his CISSP certification, Henry holds many other security certifications such as MCP+I, MCSE, CCSA, CCSE, CFSA, CFSO, CISM, and CISA.
Forward-Looking Statement
This press release contains forward-looking statements that involve certain risks, uncertainties and factors, including without limitation, those described in the Company's filings with the Securities and Exchange Commission that may cause the Company's future actual results to materially differ from the Company's current expectations. The Company assumes no obligation to update any forward-looking statements.
CyberGuard® and Webwasher® are registered trademarks and Total Stream Protection(TM) and Global Command Center(TM) are trademarks of CyberGuard Corporation. All other trademarks are property of their respective owners.
Source: CyberGuard(R) Corporation
http://biz.yahoo.com/prnews/050401/dcf018.html?.v=4
"
|
|
|
 |
| "Press Release: Ten Tips for Corporations to Protect Customer Information from Identity Theft" | Login/Create an Account | 0 comments |
|
| | The comments are owned by the poster. We aren't responsible for their content. |
|
|
|
No Comments Allowed for Anonymous, please register |
|
| |
|
Login |
|
 |
|
|
|
|
· New User? · Click here to create a registered account.
|
|
|
Article Rating |
|
|
|
|
|
|
Average Score: 5
Votes: 1
|
|
|
