Updating security procedures
The FTC can also obtain civil monetary penalties for violations of certain privacy statutes and rules, including the Children’s Online Privacy Protection Act, the Fair Credit Reporting Act, and the Telemarketing Sales Rule.
To date, the Commission has brought hundreds of privacy and data security cases protecting billions of consumers.
By incorporating flaw remediation into ongoing configuration management processes, required/anticipated remediation actions can be tracked and verified.
Flaw remediation actions that can be tracked and verified include, for example, determining whether organizations follow US-CERT guidance and Information Assurance Vulnerability Alerts.
Consider the following examples: Having a security program means that you’ve taken steps to mitigate the risk of losing data in any one of a variety of ways, and have defined a life cycle for managing the security of information and technology within your organization.
Hopefully the program is complete enough, and your implementation of the program is faithful enough, that you don’t have to experience a business loss resulting from a security incident.
a. Identifies, reports, and corrects information system flaws;
b. Tests software and firmware updates related to flaw remediation for effectiveness and potential side effects before installation;
I’m willing to bet that for every fired admin that goes on a rampage that gets caught, there are a bunch who get away with it because they are a lot better at covering their tracks!
Whether yours is five or 200 pages long, the process of creating a security program will make you think holistically about your organization’s security.
A security program provides the framework for keeping your company at a desired security level by assessing the risks you face, deciding how you will mitigate them, and planning for how you keep the program and your security practices up to date.
The FTC also has authority to enforce a variety of sector specific laws, including the Truth in Lending Act, the CAN-SPAM Act, the Children’s Online Privacy Protection Act, the Equal Credit Opportunity Act, the Fair Credit Reporting Act, the Fair Debt Collection Practices Act, and the Telemarketing and Consumer Fraud and Abuse Prevention Act.
This broad authority allows the Commission to address a wide array of practices affecting consumers, including those that emerge with the development of new technologies and business models.