Securing the Information Border: An SDLC Approach to Security and Privacy Protection

by Stacey Banks

In the first installment of “The Convergence of Information Security, Privacy, and Compliance” (Vol. 22, No. 4) we asked, “How can ... information security, privacy, and compliance areas collaborate to make initiatives most successful?” Clearly a lot of authors (over 20!) wanted to take a crack at answering that important question, so in this issue, we present more of their insights on information security and privacy convergence.

In this issue, you'll discover how a midsized online retailer, still reeling from lawsuits and a highly public data breach, righted its course by implementing a formal risk management program with information security, privacy, and regulatory compliance components. You'll hear from a professional penetration tester, who will tell you why it's in your best interests to have someone like him (or your own IT professionals) break into your network -- and how such tests can benefit everyone from compliance and security employees to your audit and legal departments. You'll even learn how a “global governance” approach can enable you to bring “diverse economic, political, professional, and educational resources” to bear on your organization's security and privacy compliance challenges. Join Cutter Senior Consultant Stacey Banks, one of Computerworld's “Best Privacy Advisers” of 2008, for a closer look at why this topic should be at the forefront of your agenda.

Securing the Information Border: An SDLC Approach to Security and Privacy Protection, 1 August 2009