Security: from reactive to proactive - taking a risk-based approach to security

Organisations face an increasing amount of regulation that enforces, among other things, higher standards of corporate governance. In Europe, data protection regulatory compliance is regarded as among the most onerous and is becoming increasingly more so. In Germany, the federal data protection act was expanded in mid-2009 to make data breach notification mandatory, and to provide for specific fines and sanctions to be meted out against organisations that suffer a data loss as a result of having inadequate data security controls in place. The UK is using its existing data protection regulations to force organisations that suffer a data breach to adopt higher standards of data governance and is considering beefing up regulation to allow for fines, and even custodial sentences, to be imposed.

If you have read this paper and have an opinion on it's content, please login and post a review for others to see.