Creating a Budget and Optimizing the Money Spent. Traditionally, there has been a lack of organizational focus on information security (IS) as a strategic priority.
For the first time since its inception, the Consumer Financial Protection Bureau (CFPB) brought the regulatory hammer down on an organization for allegedly misrepresenting the robustness of its data security program to consumers.
Organizations can, and often do, make the mistake of classifying information security as only a compliance matter. Much like taxes, workplace safety, and human resources, information security is governed by a complex set of statutes and regulatory rules. However, unlike the aforementioned areas, information security cannot be adequately addressed solely as a compliance matter.
On February 5, 2016, Hollywood Presbyterian Medical Center was the target of a ransomware attack, in which malefactors seized control of the hospital’s computer systems and demanded a ransom in exchange for returning control.[i] Initial reports indicated that the malefactors demanded 9,000 bitcoin, or $3.6 million, to unlock the system.[ii] On February 17, 2015, the…