SOURCE: Online Trust Alliance

Online Trust Alliance

April 20, 2011 09:05 ET

Leaders Release Security Framework for Interactive Messaging Ecosystem

Best Practices to Protect Data Assets, Curb Identity Theft and Improve Online Trust

SEATTLE, WA--(Marketwire - Apr 20, 2011) - The Online Trust Alliance (OTA) today announced the release of its Security by Design Framework and a set of security practices for the interactive messaging ecosystem. As cybercriminals have targeted businesses with increasing malice and precision, interactive marketers, their service providers, and others in the messaging ecosystem need to recognize their valuable data assets are at risk. Left unchecked, data breach incidents can trigger a meltdown in consumer trust, jeopardizing consumer privacy and the viability of online communications and commerce.

To help combat these threats, the OTA has joined with other leading industry organizations, service and technology providers and major brands, to accelerate adoption of effective security measures. The 'Security by Design Framework' and its recommended practices are intended to provide a basis for immediate action. It's predicated on the belief that all members of the messaging community have a stake in the preservation of consumer trust, data stewardship, and privacy. Creating a culture of security is a critical priority for the industry.

"The Security by Design Framework transcends technology and requires that all organizations foster collaboration within their corporate and partner ecosystem. By adopting these best practices, organizations will not just challenge their own security constructs but also ensure that prospective vendors and partners are adhering to the same high standards," said David Daniels, CEO and Co-Founder of The Relevancy Group.

"Trust is at the cornerstone of our business. While starting with the trust customers place in us, it extends to every interaction we have with each other as well. So regardless of our role in the messaging ecosystem, we all have a contribution to make and a stake in the outcome of proving ourselves to be good custodians of customer data. As a messaging technology leader, we're actively participating in this OTA initiative and encourage others to do the same," said Dave Lewis, Chief Marketing Officer, Message Systems.

"As marketers are increasingly collecting sensitive and personal data, 'security by design' needs to become part of the industry's DNA for every new service, feature and process," said Craig Spiezle, Executive Director and President of the Online Trust Alliance. "This collaborative effort demonstrates a commitment to online trust and confidence and to the vitality of the internet. The willingness of businesses to make systemic changes while recognizing their role as data stewards, demonstrates leadership and a commitment to self-regulation. We call on all organizations to embrace these efforts and help put trust back in email."

Supporting this initiative is a broad range of industry and business leaders who share a belief in the need for increased security and data stewardship. The guidelines and statements from a selected number of supporting organizations guidelines are posted at

Steps to Effective "Security by Design"
1. Create a cross-functional security team headed by a chief security officer (or equivalent) as the single point of authority with security accountability.
2. Map the data workflows within your organization and providers to identify points of vulnerability. Examine how you handle data, from collection and storage to transmission, usage and destruction. Define who should have access to the data, how and why.
3. Include security review milestones in every project, from the development of functional specifications through trial and launch.
4. Audit your network infrastructure, mapping it to both internal and external facing sites and all points of connection. Implement processes to monitor the security of your network and data assets to detect unauthorized access or unusual patterns of activity.
5. Develop an incident response team and plan with pre-defined action items and communication strategies that can be activated should a breach occur.

The "Security by Design Framework" builds on the recently released OTA's 2011 Top 10 Recommendations to Help Protect Consumers and the OTA's 2011 Data Breach & Loss Incident Planning Guide.

About The Online Trust Alliance
Formed in 2004, the Online Trust Alliance (OTA) is a global non-profit organization representing the Internet ecosystem, supporting user choice and controls, protection of critical infrastructure, privacy and data governance, promoting marketing best practices and self-regulation. The OTA's mission is to develop and advocate best practices and public policy which mitigate emerging privacy, identity and security threats to businesses, online services, brands, government agencies, organizations and consumers, thereby enhancing online trust and confidence.

More information about OTA please visit or call +1 425-455-7400.

Contact Information