"We can't look at security and privacy in isolation," Spiezle says. "I think that one of the challenges is we need to take a more holistic view of data protection. We need security by design and privacy by design. It can't be in silos."
"Our message is that you need to move off the concept of compliance to the concept of stewardship," he adds. "Compliance is the floor, the minimum amount you need to do. What we're really trying to do is elevate that discussion. Stewardship is really important and we need to up the investment. We need to be proactive. There are only two types of companies: companies that have had a breach and companies that will have a breach."
To achieve the concept of stewardship, OTA is calling on all financial institutions, commerce sites and consumer-facing government sites to implement the following measures by Nov. 1, 2012:
- Implement both SPF and DKIM across all domains and subdomains
- Publish DMARC records
- Improve the SSL implementation score
- Upgrade to EV SSL certificates and consider adopting Always On SSL
- Adopt OTA's Top 10 Recommendations for business, consumer and brand protection
- Review privacy policies and audit all third-party tracking and applications added to sites
- Initiate planning and deployment of DNSSEC
- Review WHOIS information
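As an added example (not code from the article or from OTA), the following Python checker evaluates whether a domain's TXT records satisfy the first three measures above: SPF published with a restrictive terminator, DKIM keys published for the selectors in use, and a DMARC record whose policy actually enforces. The TXT records, domain and selector names are constructed sample data standing in for live DNS lookups.

```python
import re

# Constructed TXT records standing in for DNS answers (not real data); the
# keys are the names a resolver would query for SPF, DMARC and DKIM.
SAMPLE_TXT = {
    "example.test": ["v=spf1 include:_spf.example.test -all"],
    "_dmarc.example.test": ["v=DMARC1; p=quarantine; rua=mailto:dmarc@example.test"],
    "sel1._domainkey.example.test": ["v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC"],
}


def spf_status(records):
    """Return 'missing', 'invalid', 'weak' (no -all/~all terminator) or 'ok'."""
    spf = [r for r in records if r.lower().startswith("v=spf1")]
    if not spf:
        return "missing"
    if len(spf) > 1:
        return "invalid"  # more than one SPF record makes the result a permerror
    terms = spf[0].split()[1:]
    last = terms[-1].lower() if terms else ""
    return "ok" if last in ("-all", "~all") else "weak"


def dmarc_policy(records):
    """Return the p= policy ('none', 'quarantine', 'reject') or None if absent."""
    for r in records:
        if r.upper().startswith("V=DMARC1"):
            tags = dict(t.strip().split("=", 1) for t in r.split(";") if "=" in t)
            return tags.get("p", "").strip().lower() or None
    return None


def dkim_published(records):
    """True when a DKIM key record with a non-empty public key is present."""
    return any(re.search(r"\bp=[A-Za-z0-9+/=]+", r)
               for r in records if r.startswith("v=DKIM1"))


def assess_domain(txt, domain, selectors):
    """Summarise the email-authentication posture from the TXT lookups in txt."""
    findings = {
        "spf": spf_status(txt.get(domain, [])),
        "dmarc": dmarc_policy(txt.get(f"_dmarc.{domain}", [])),
        "dkim": {s: dkim_published(txt.get(f"{s}._domainkey.{domain}", []))
                 for s in selectors},
    }
    # "Enforcing" means all three are in place and DMARC is beyond monitor-only.
    findings["enforcing"] = (findings["spf"] == "ok"
                             and findings["dmarc"] in ("quarantine", "reject")
                             and all(findings["dkim"].values()))
    return findings
```

A `p=none` DMARC policy only reports; the checker deliberately counts it as not enforcing, since that is the gap most domains stall at after publishing the record.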
Thor Olavsrud covers IT Security, Big Data, Open Source, Microsoft Tools and Servers for CIO.com. Follow Thor on Twitter @ThorOlavsrud. Follow everything from CIO.com on Twitter @CIOonline and on Facebook. Email Thor at email@example.com