CIO Enterprise Newsletter
 
NEWSLETTERS
 

CIO.com updates, insights and advice on technology, management and your career.

 CIO BlackBerry News and Tips
 CIO Research and Analysis
 CIO Microsoft
 CIO Insider
 
 
 
LEADERSHIP
 
CIO Executive Programs
The Leader in Face-to-Face Education for Senior Executives

Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

 
CIO Executive Council
A Peer-Advisory Service and Professional Association for CIOs

Public Council Teleconference: Application Rationalization — Hidden Costs and Smart Decisions

November 17 at 11:00 am US/Eastern (GMT-5)

Join Honorio Padrón, of The Hackett Group, who will share the drivers for companies to tackle application rationalization and the results of research that define the hidden cost of complexity. Additionally, we will discuss key decision milestones—to start or not, holding the course steady and fulfilling expectations.

Virtual Desktop Cost-Benefit Analysis — Michael Jacobs, Catlin Group

The analysis contained in this presentation measures the cost of everything from the machines and licenses to the infrastructure for virtual vs. traditional desktop environments.

Honor your best senior team members - Apply for the CIO Ones to Watch Award

Get well-earned public recognition for your top up-and-coming team members, your IT organization and your enterprise. Award winners will be announced, publicized and feted in May 2010, great timing to help attract new IT recruits to your company.

More / Register »

Learn more about the CIO Executive Council »



 
 
RESOURCE CENTER
 
 
 

Banks Fed Up With Retailers' Security Gaffes

What makes the TJX data breach different from the many that came before it?

 

March 22, 2007CIO

What makes the TJX data breach different from the many that came before it? This marks one of the first times banks or consumers have linked a specific incidence of credit card fraud to a security breach at a specific company, says Jim Lewis, a security expert at the Center for Strategic and International Studies.

Plus, bank executives are fed up and they aren't going to take it anymore.

That seemed to be the message delivered by the financial community in the wake of the security breach announced by TJX in January. TJX, the Framing­ham, Mass., parent company of discount stores including TJ Maxx and Marshalls, revealed that hackers had stolen an undisclosed number of customer credit card numbers (estimates are in the millions). The reaction to the break-in was swift: The Massa­chusetts Bankers Association said some of its member banks had been able to trace recent fraudulent purchases on credit cards to the TJX breach.

"We believe the financial responsibility for covering losses because of fraud is on the company where the breach occurred," says association spokesman Bruce Spitzer. "This is something we are pursuing."

As are others. So far, at least two class-action lawsuits have been filed against TJX (one by banks in Alabama and Ohio, and another by an individual in West Virginia). The Massachusetts Attorney General's office is investigating TJX's security practices. The suits and investigations have altered the security breach landscape. "You will see banks start to attempt to hold retailers and other merchants liable" for losses on credit cards, says Behnam Dayanim, a privacy attorney with Paul, Hastings, Janofsky & Walker in Washington, D.C.

As CIO, how do you protect your company from a similar mess? The first thing CIOs should do is discuss with business unit leaders whether personal information (such as addresses, driver's license data and Social Security numbers) needs to be stored at all. If there's no compelling business reason to keep it, then the company should discard it after processing any transaction, be it in a brick-and-mortar store or online. But if the storage of the information is viewed as key to increasing sales then the firm must secure the data.

Encryption is one answer. The Cali­fornia security breach notification law (the standard for such laws, which requires businesses to notify customers when personal data has been exposed) permits companies to forgo notification if the personal data was encrypted. But use strong encryption, because lawyers can argue that weak encryption is no protection at all, Dayanim warns.

 
 
Loading...
 
WHITE PAPERS

Expose Hidden Device-Account Relationships

A device fingerprinting solution such as iovation ReputationManager™ provides unique insight.
 

Service Level Reporting and Communication

Service level reporting is the most visible output and often the most time-consuming activity in SLM.
 

Informatica Platform and Integration Competency Centers

Forrester used its total economic impact methodology to interview seven companies that have standardized their data integration practices.
 

Cutting the Cost of Enterprise Databases

This IDC white paper discusses the growing complexity of datacenter management, which is causing escalating costs.
 

The CIO Calls the Shots

Learn how a selective sourcing model can deliver services in a flexible, efficient manner.
 

Infrastructures for Innovation

Read this exclusive research report from Qwest Communications and CIO on advanced communications infrastructures and their role in your organization's success.
 

WEBCASTS

Protecting PII: How to work with IT to manage risk

Understand the critical nature of the test data privacy problem and tips on how to work with IT to implement a test data privacy program.
 

Defend Against Blended Threats: What You Need to Know

Blended Web and email threats are becoming increasingly complex and represent a huge potential risk to your organiz...
 

IT Consolidation Made Easy

The Primary IT Initiative for Reducing Costs
 

Taking a Seat at the Executive Table: The Reality of Virtualization

This year, for the first time, the number of virtual machines is on track to exceed the number of physical machines...
 

Who Are the Data Center Leaders?

Today's data center is still very much a heterogeneous environment. Gabriel Consulting recently surveyed over 250 d...
 

SharePoint - Unchecked growth of content is unsustainable - now what?

Recent research has confirmed that it has become critical for IT leaders to reclaim authority over the SharePoint c...
 

Resource Alerts

Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.

 
FEATURED SPONSORS
 
 
 
SPONSORED LINKS
 

Keeping Your Members Safe from Online Scams and Predators

Learn How Web Site Performance Impacts Shopper Behavior

Build a Foundation for Unified Communications

Removing the Barriers to IT Governance: How On-Demand Software Changes the Game

Should Your Email Live In The Cloud? A Comparative Cost Analysis

Learn about the growing threat of insider data theft.

Adobe® LiveCycle® solutions for business process automation

10 Ways Excel Drives More Value from Your SAP Investment

The Key to Proving and Improving the Value of IT to the Company

Unleash the Power of Java with Oracle JRockit Real Time

Taking the Service Desk to the Next Level

See how AT&T can help protect your network.

Top Five CIO Challenges

Streamline IT Costs. Boost Performance with WAN Optimization.

Want to know how you can maximize employee productivity?

Build your 1st app FREE with Force.com

TDWI checklist helps define data readiness for analytics. Download report.

Increase UPS efficiency without sacrificing protection.

A Clear View Toward Virtualization

Virtualization Technology as a Business Solution

The rules of infrastructure management just changed.

A Clear View Toward Virtualization

Interactive Q&A helps you discover key ways to maximize IT assets.

Ready to virtualize tier one applications? Check your virtualization maturity.

Think you can't afford a Cisco Switch? Cisco Catalyst Switches are now more affordable.

Webcast: Unleashing the Power of Customer Data

Disciplined Autonomy: Resolving the Tension Between Flexibility and Control

Enterprise Capture: Your Onramp to Business Process Automation

Cloud Computing--What is its Potential Value for Your Company?

Seven Design Requirements for Web 2.0 Threat Protection

How Consumerization of IT Will Make Your Business More Productive

How does a software company save big with Green IT?

Translate business strategy into IT strategy and obtain maximum benefits.

eBook: How Can You Make Your People Productive Anywhere?

Mind the Talent Gap: Global Survey on IT and HR trends and challenges

"Enterprise-Proven" is the Prerequisite for Enterprise SaaS Portal Solutions

Join us at the US-Brazil IT-BPO Summit, on November 10th in New York.

Unified Communications: Thoughts, Strategies and Predictions. Join the discussion

Read the RSA report: Security for Business Innovation

Webcast: Looking to the Cloud for Email and Collaboration Services

64-page prescriptive guide to security, compliance, and IT operations.

Keep your IT expertise up to date. Join the Intel Premier IT Professionals.

A new fleet of PCs with a total ROI in 10 months. Find your ROI.

eZine: A Roadmap to Reducing IT Complexity

Reduce risk, gain agility. See how Progress can help your business.

Virtualization Technology as a Business Solution

eZine: A Roadmap to Reducing IT Complexity

World-class trading technology solutions from NYSE Technologies.

If You're Paying for Telecom, You're Paying Too Much. Contact Asentinel Today.

Trade-In your old printer and save up to $1,000 plus free recycling!