SOURCE: Consul risk management

March 10, 2005 13:33 ET

Who's Responsible for Protecting Your Personal Information; Consul Chief Technologist Available to Discuss Data Protection

Recent High-Profile Security Breaches Highlight Weaknesses in Data Protection Practice

HERNDON, VA -- (MARKET WIRE) -- March 10, 2005 -- The recent string of high-profile security breaches places citizens' personal information at risk and large enterprises' security practices in the spotlight. From bank account information to celebrity phone numbers, confidential information is continuing to fall into unauthorized hands.

Achieving compliance with privacy regulations is only a first step in protecting the data stored in the enterprise. An organization must take full responsibility for the information it collects, as well as the processes in place to safeguard the data. Failing to properly enforce information security can result in hefty fines, negative publicity and customer loss.

Operational risk management enables an organization to evaluate and understand the risks associated with handling customers' private information. Through this process an enterprise is able to assign responsibility to data protection and therefore ensure accountability for their customers. Operational risk decreases as an organization generates a strong governance and control architecture.

"Whether or not explicitly defined, the role and responsibility of the CISO is to maintain the implied 'trust contract' held with a customer -- to assure the integrity, confidentiality and availability of data -- 24x7, all over the world," said Kristin Lovejoy, chief technologist of Consul risk management, Inc. "Anything that jeopardizes that trust relationship poses a risk to the company, and needs to be weighed and potentially addressed. To meet corporate governance regulations an organization must implement a framework for identifying and managing risk beyond financial reporting. Not only can it mitigate this risk by implementing operational risk management (ORM), but it can also maximize business performance throughout the organization."

Kristin is available to discuss whose responsibility it is to protect information as well as best practices for securing the information, including ORM. Kristin has been in the high-tech arena for over 15 years helping to expand the product development, customer support, quality control and training initiatives at Fortune 500 and small companies worldwide. She holds certifications in MCSE, MCT, MCP+I and a US patent for Object Oriented Risk Management Model and Methodology.

Consul risk management, Inc. is a worldwide leader in security audit and compliance solutions. Its flagship product, Consul InSight, uses a patent-pending W7 (Who, did What, When, Where, Where from, Where to and on What) methodology to consolidate, normalize and analyze vast amounts of user and system activity, delivering instant alerts and reports on who touched what information and how those actions may violate external regulations or internal security policies.

If you are interested in speaking with Kris Lovejoy regarding data protection practices, please contact Davida Dinerman or Brant Caraberis at (781) 684-0770 or send an e-mail to

Contact Information