http://www.startribune.com/business/132825938.html By STEVE ALEXANDER Star Tribune October 30, 2011 Big banks, hospitals and insurance companies worry about computer security because they handle so much personal information. Now, in the age of outsourcing, they also have to worry about whether their partner firms are secure. And that's created a new kind of business consultant: The information security auditor who determines how much security is enough. Some of these auditors work for big companies. When Evan Francen did security audits for Wells Fargo bank, he asked the outsourcing companies to complete a 1,500-question security checklist. (Wells Fargo officials declined to comment.) Now Francen has his own security firm, FRSecure of Chaska, that helps outsourcing firms meet the demands of security auditors like him. And some of them really need the help. "We audited a small bank that was compliant with computer security regulations, but we could have put them out of business in five minutes because of the physical risk," Francen said. "Their computer server room had no camera surveillance, no records of who came or went, no locked doors, nobody there at night, and it was in a separate building." [...] _____________________________________________________ Subscribe to InfoSec News - www.infosecnews.org http://www.infosecnews.org/mailman/listinfo/isnReceived on Tue Nov 01 2011 - 00:49:15 PDT
This archive was generated by hypermail 2.2.0 : Tue Nov 01 2011 - 01:02:37 PDT