A new Massachusetts law, 201 CMR 17.00, is set to go into effect next year and will do much to raise the bar on protecting sensitive data, according to Keohane.
“The law requires all businesses to have a comprehensive information security program that is written down, either on paper or electronically,” she says.
“The challenge is that information security is a moving target. New threats continually arise. Every time a new version of a software product is released, new exposures are possible, probable even.”
The new regulation was supposed to begin this year, but a bad economy and the cost of encrypting data have pushed the deadline back twice. The new date is set for Jan. 2010.
Even with the new law, as long as the likes of Jester and Dshocker haunt the Web, preying on any flaw in the system, there may never be such a thing as 100 percent security.