The California identity theft law, SB 1386, went into effect July 1, 2003, soon after several cases of identity theft were perpetrated by individuals who had stolen our clients' confidential data. The convergence of these events set the stage for risk mitigation and remediation efforts by the CISO's office, for which I was the assigned lead in my new role of Deputy CISO. This case study tells the story of how our company dealt with these twin challenges: suffering the theft of some confidential client data at the same time that a new law was enacted that set compliance goals to protect consumers. An inventory and assessment of over 100 application environments categorized the risk factors emanating from various tiers: back-end servers, middle-tier (including network) systems, client-tier systems, and business risk. Risks were methodically identified in this fashion and vetted by stakeholders, along with proposed mitigation and remediation actions.