Our Clients

• Keeping sensitive information secure is becoming increasingly challenging for businesses and individuals in todays' information age. A recent surge in privacy breaches and security violations has been getting a lot of coverage from the media but many more violations go undiscovered. Often, they are perpetrated by a company's own current or former employee. According to a recent Burton Group study 80% of losses due to computer-related abuse involve insiders exploiting their authority inappropriately. In addition to protecting customer, employee and partner information from a potential security breach some of our clients must comply with recently passed government legislation such as SOX, GLBA, HIPAA, FISMA.

Publicly Traded

• The US government has passed numerous regulations on data privacy and protection in response to increased threats to consumers. Regulations such as Gramm-Leach Bliley (GLBA), Sarbanes-Oxley (SOX) and California Senate Bill 1386 require financial institutions to protect customer data and report security breaches. As a result many publicly traded companies feel a significant impact to their productivity and bottom lines as they shift their focus towards security management and compliance.

Banking and Financial Services

• Financial institutions have an increasingly complex IT infrastructure with a growing number of internal applications to keep track of. Some of these may be mission-critical, others may hold sensitive financial or personal data. With a recent surge in privacy breaches and security violations, many perpetrated from the inside, it is becoming increasingly more important to periodically check the appropriateness of security privileges granted to employees, contractors, customers and business partners.
• But conducting periodic access reviews can be a daunting task with potentially thousands of users to review per application. Multiply that number by a few dozen applications a typical organization needs to review on a periodic basis and it is easy to see the need for streamligning this process and setting up a program to oversee and manage the numerous access reviews. The increased scrutiny of examiners on financial institutions’ information security practices, coupled with the ever-growing menace of online criminals and data breaches, means that institutions can't have a "do it once and you're compliant" throw-away attitude for information security any longer.

Healthcare

• Many healthcare providers have felt the impact of various goverment regulations and have experienced a period of decreasing margins and increasing emphasis on cost controls. Government security and privacy regulation such as HIPAA have resulted in added pressure and responsibility on healthcare firms. With an increasingly complex IT infrastructure and rising security and privacy demands the challenge for the healthcare industry is in finding effective and cost-effective security controls.

Insurance

• In response to growing concerns about risk management practices within the life and property/casualty insurance agencies, several rating agencies have recently announced plans to add an enterprise risk managment assessment to their insurer rating process. Standard & Poor's (S&P) first announced their intentions in the fall of 2006 and by early spring have conducted nearly 80 reviews. Other rating agencies including A.M. Best, Moody's and Fitch, also have signaled similar iintents. In their evaluation S&P's focus will most likely be placed on evaluating the risk evaluation process, assessing the degree to which companies have considered alternative risk mitigation strategies and on testing the success of risk mitigation strategies in place.
• The challenge for insurance firms in the near future is in identifying industry standards and best practices that can be cost effectively applied to their current environment.