It’s incumbent on businesses to understand the nuances and internalize the particulars.
Among other essentials, the rules require organizations to maintain a written information security program, detailing administrative, technical and physical safeguards designed to protect customer data containing nonpublic personal information. That mandate is more layered than it appears at first blush, since the rule isn't limited to a given company's customer data but extends to their customers' customer data as well.
1. Designate a qualified individual to implement and supervise the program.
2. Conduct a risk assessment to identify threats to the security, confidentiality and integrity of customer information.
4. Monitor and test the effectiveness of these safeguards on a regular basis.
6. Monitor service providers to ensure they're meeting security expectations under the regulations.
7. Keep the information security program current to reflect changes in operations and the overall threat landscape.
8. Create a written incident response and recovery plan that will be put into effect if a security event takes place.
At first glance, the Rule seems like common sense, codified in a way that creates a new baseline underscoring the primacy of cybersecurity best practices. Although the guidelines have the force of law, the point of all this isn't process but results.
The FTC guidelines offer businesses a kind of reset, a new normal where cyber-cleanliness has at least a fighting chance. Much as Sarbanes-Oxley proved a corrective in the wake of the financial meltdown in 2008, the FTC regulations may likewise light the way for companies looking for a respite from the specter of ransomware, DOS attacks and the seemingly endless hordes of bad actors.