Many companies have or could develop comprehensive security programs consisting of policies, procedures and monitoring efforts. However, it is the encryption standards that may pose a technical challenge faced by many companies. The encryption requirement includes laptops, BlackBerry devices, e-mails, portable devices and more. E-mail encryption solutions alone can be costly and must be well planned for customer acceptance and communication flow.
The intent of the regulation is a step in the right direction to ensure that companies are focused on data security and have an understanding of their network configurations, firewall management, vulnerability testing and remediation, as well as data storage areas. A national standard is probably not too far away based upon the potential risk of compromise on a national level. Overall awareness of information security standards, protective technology, potential threats and effective incident-response activities is good practice on both personal and corporate levels. The dangers are ever-changing, and the ability to protect and defend against such threats is an enormous challenge for everyone.