- Establish adequate policies and controls to ensure personal data does not get into the wrong hands as a result of a security breach
- Detect when a breach has occurred
- Promptly notify all individuals who might be adversely affected by a breach.
"As is evident from the recent series of news events, an information privacy breach against an enterprise can be devastating to the corporation's brand, image, shareholder value as well as the individuals who are directly affected. Annual losses from security failures cost billions of dollars every year. Companies are under a lot of pressure to limit risk without sacrificing business effectiveness. This means they have to keep the bad guys out while they prevent losses coming from trusted insiders with unauthorized access to confidential information," explains Randall K. Davis, president and CEO of Intellitactics. "Today, our customers rely on Security Manager for operational and informational control of complex security infrastructures. By integrating Covelight Precept with Security Manager, we provide our mutual customers with a single database of audit log information that contains both Identity and Access Management information and Security infrastructure information."
"Today's business conflict is quick and easy data access versus security and privacy," explains Spencer Snedecor, CEO for Covelight. "The relative simplicity and economic benefits of web-enabled applications has introduced a new set of vulnerabilities that can be exploited by authenticated user access to confidential information and identity data. Criminals who use stolen IDs and passwords or setup fraudulent accounts to access sensitive data, and customers, employees, contractors, partners and other trusted insiders who succumb to temptation are proving to be more dangerous to enterprise security. According to Gartner, 70% of all security incidents come from insiders, and Ernst & Young reports that an insider attack against a large company causes an average of $2.7-million in damages, where the average outside attack costs $57,000."
"Corporate financials, customer data, and other trade secrets centralized in data centers are now accessible to a large number of users via web-based applications. Unfortunately, with convenience of access comes abuse and misuse," explains Scott Crawford, senior analyst with Enterprise Management Associates. "To make matters worse, the application environment is in a constant state of change, users are transient, access rights are rarely revoked, and user credentials are subject to phishing and identity theft. What's at risk is the integrity and security of financial data, the privacy of entrusted customer and employee information, the confidentiality of sensitive business information, as well as the company's reputation, brand, and shareholder value. The techniques of attackers and thieves are always evolving and nothing short of full-time vigilance will do. The teaming of Intellitactics Security Manager with Covelight Precept provides an organization with a comprehensive spectrum of monitoring and threat detection that fills an increasingly problematic gap for the enterprise and its business-critical applications."