Resources for Data Security, Data Privacy and the Protection of Information
The loss, theft, or breach of critical data can cause severe damage to a company’s business and reputation. This can mean loss of customer trust, lost revenue, and ultimately lost market share. Add data compliance regulations from Sarbanes Oxley and PCI to state privacy protection regulations and the need to monitor and protect data becomes one of the most important challenges facing companies today.

The links below will guide you to a number of useful and informative sites providing information and training on data security, data privacy and the protection of information. We will  update the list on a regular basis. We welcome your suggestions. Please send input and/or links to info@tizor.com.

Frequently Asked Questions Related to Data Breaches
Data security and data compliance are complicated issues requiring a combination of processes and technologies to address them. This FAQ provides a high level overview of data security breaches and what can be done to prevent them.

Links and resources from around the web:

Data Security Resources

• Recommended Practices on Notification of Security Breach Involving Personal Information - CA Office of Privacy Protection 
  
  
• Dealing with a Data Breach
  Article on dealing with a data breach.  Including who to contact, as well as when and how to contact them - Federal Trade Commission
  
  
• Professors Schwartz and Janger's law review article on data breach notice laws
  PDF discussing how to deal with security breaches involving different models for informing people as well as consumer behavior strategies and mitigation coordination.
  
  
• IT Security Magazine
  IT Security is a news and information publication covering all aspects of the IT Security marketplace, covering viruses, vulnerabilities, news, events and background information in the market.

Data Privacy Resources

• Chronology of Data Breaches, Privacy Rights Clearinghouse:
  A database containing a chronology of data breaches 2005 - 2006 - 2007
  
  
• Protecting Personal Information, A Guide for Business
  PDF put out by the Federal Trade Commission advising businesses on how to protect their personal information and that of their clients.   Based on 5 key steps: Know what you have; Keep only what you need; Lock up what you keep; Dispose of what you don't safely;  And plan ahead for security incidents - Federal Trade Commission
  
  
• Information Security Handbook
  A Guide for Managers, National Institute of Standards and Technology
  
  
• Prevent Identity Theft with Responsible Information-Handling Practices in the Workplace
  Article focusing on the implementation of responsible information-handling practices by employers.  Including a comprehensive list of best practices - Privacy Rights Clearinghouse
  
  
• Recommended Practices for Protecting the Confidentiality of Social Security Numbers
  PDF of Recommended Practices for Protecting the Confidentiality of Social Security numbers,  This article is specific to California SSN laws as it is put out by the CA Dept of Consumer Affairs.

Information Security and the Protection of Customer Data

• ISSA (Information Systems Security Association)
  The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications and peer interaction opportunities that enhance the knowledge, skill and professional growth of its members.
  
  
• ISACA
  ISACA is a pace-setting global organization for information governance, control, security and audit professionals. Its IS auditing and IS control standards are followed by practitioners worldwide. Its research pinpoints professional issues challenging its constituents.
  
  
• NIST Computer Security Resource Center
  The goal of NIST's Computer Security Division is to improve information systems security by: Raising awareness of IT risks, vulnerabilities and protection requirements, particularly for new and emerging technologies.
  
  
• CERT: Sources of Security Information
  A List of sources of security information, tools, discussion groups, incident response help, and more.  All organized by category.
  
  
• SANS Information Security Reading Room
  Information Security Reading Room Featuring over 1635 original computer security white papers in 71 different categories.
  
  
• MISTI Information Security Conferences
  List of conferences featuring recognized industry experts presenting cutting-edge audit and information security topics at MIS Training Institute.
  
  
• Government Network Security Resources
  A library of materials regarding information security.  Originally started as a safe resource for government and military employees to learn additional security tactics and information.  It has since expanded its database to include much more.
  
  
• Information Security Magazine
  TechTarget publishes integrated media that enable information-technology (IT) marketers to reach targeted communities of IT professionals and executives in all phases of the technology decision-making and purchase process.