For a business to both prevent and recover from a disaster or cyber crime, it must have its data and applications protected; to do that effectively, both hardware and software encryption are required, and information must be protected both while it is transmitted and while it is stored.
Existing and evolving regulations in financial services impose a complex set of challenges for organizations seeking to protect their secured data and become compliant. Irrespective of any particular regulation, good business practice also dictates that customer and business-partner data and communications must be secured if an organization expects to operate successfully in the digital age.
Some of the regulations we must address include: Gramm-Leach-Bliley, Basel II, Sarbanes-Oxley, the Safe Harbor Agreement, and the USA Patriot Act. Although the regulations and decrees are numerous and often complex, their security implications tend to fall into one of three categories:
- Establish policies
- Establish control
- Establish security
The following is from the FBI/Computer Security Institute's 2005 Annual Survey of U.S. corporations, financial institutions, government agencies and universities, the longest-running survey in the information security field:
- Unauthorized access showed a dramatic cost increase and replaced denial of service as the second most significant contributor to computer crime losses, after virus attacks, during the past year.
- Over half of the respondents experienced unauthorized use of computer systems within the last 12 months.
- Respondents estimated that computer security incidents resulted in losses totaling $130 million, or $203,000 per respondent. 47 percent of those losses ($62 million) came from unauthorized access and theft of proprietary information.
- Security breaches originate from inside and outside organizations almost equally.
- Several categories of security technologies (and the percentage of respondents using each) were identified, including: firewalls (97%), anti-virus software (96%), intrusion detection systems (72%), server-based access control lists (70%), encryption for data transmission (68%), reusable account/login passwords (52%), encrypted files (46%), smart cards/other one-time password tokens (42%), public key infrastructure (35%), intrusion prevention systems (35%), and biometrics (15%).
- The Sarbanes-Oxley Act is beginning to have an impact on information security in some industries.
IA's iaSecure is cryptographic security software that can be an integral part of an integrated IT security and compliance strategy.
iaSecure systems use pass phrases and other user-specific information in place of the traditional unsecured password, which can be easily guessed. This virtually eliminates standard password-guessing attacks. IA incorporates a hybrid cryptographic approach: instead of deriving an encryption key from a password, we use a dynamic-key approach that blends symmetric and asymmetric cryptography. Each one-time key is used once and never again.
IA also uses digital signatures, based on the user's private key, to digitally sign the hash of the transaction message. IA then encrypts this information in a digital envelope that is sent over the Internet, so that only the intended recipient is authorized to open it. Once the security server receives the digital envelope, it decrypts the envelope, retrieves the digital signature, recomputes the hash of the decrypted message, and compares it with the signed hash to verify the data's integrity.
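The sign-then-envelope flow described above, as an added example in Go that is not IA's or iaSecure's code. It assumes RSA key pairs for both parties, RSA-PSS over a SHA-256 hash for the signature, RSA-OAEP to wrap a one-time AES-256-GCM key, and a constructed signature||message payload layout; the page specifies none of these details.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Envelope is a constructed wire format (not iaSecure's): the one-time AES key
// wrapped to the recipient's RSA key, plus the GCM ciphertext of signature||message.
type Envelope struct{ WrappedKey, Nonce, Ciphertext []byte }

// Seal signs the SHA-256 hash of msg with the sender's private key, then encrypts
// signature and message under a fresh symmetric key that is used exactly once.
func Seal(sender *rsa.PrivateKey, to *rsa.PublicKey, msg []byte) (*Envelope, error) {
	key, nonce := make([]byte, 32), make([]byte, 12) // AES-256 key, GCM nonce
	rand.Read(key) // one-time key: generated per envelope, never reused
	rand.Read(nonce)
	digest := sha256.Sum256(msg)
	sig, err := rsa.SignPSS(rand.Reader, sender, crypto.SHA256, digest[:], nil)
	wrapped, err2 := rsa.EncryptOAEP(sha256.New(), rand.Reader, to, key, nil)
	if err != nil || err2 != nil {
		return nil, errors.New("signing or one-time key wrapping failed")
	}
	block, _ := aes.NewCipher(key) // cannot fail for a 32-byte key
	gcm, _ := cipher.NewGCM(block)
	ct := gcm.Seal(nil, nonce, append(sig, msg...), nil)
	return &Envelope{wrapped, nonce, ct}, nil
}

// Open is the receiving security server's side: unwrap the one-time key, decrypt,
// split off the signature and verify it against the hash of the recovered message.
func Open(me *rsa.PrivateKey, from *rsa.PublicKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, me, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	plain, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil) // GCM tag rejects alteration
	if err != nil || len(plain) < from.Size() { // a PSS signature is as long as the signer's modulus
		return nil, errors.New("envelope altered, wrong one-time key, or truncated")
	}
	sig, msg := plain[:from.Size()], plain[from.Size():]
	digest := sha256.Sum256(msg)
	if rsa.VerifyPSS(from, crypto.SHA256, digest[:], sig, nil) != nil {
		return nil, errors.New("signature does not match the message hash")
	}
	return msg, nil
}
```

Open rejects both a modified envelope (the GCM tag fails) and a message signed by a different key (the hash comparison fails), which are the two checks the server performs in the flow above.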
IA's iaSecure ensures that only approved people are able to access a system, and only from their designated terminals, and it provides additional protection for databases and records against unwarranted intrusion. Whenever iaSecure cannot be applied because of the way clients access the system, the real-time fraud system (a knowledge extraction system) checks the transaction and assigns a "risk weight" to the profile that reflects how likely the transaction is to be fraudulent. This is done by a rule base, by profiling, and by neural learning and assessment, allowing low-risk transactions to proceed, requiring confirmation for medium-risk transactions, and holding high-risk transactions for review by an authority. By employing real-time risk analysis, fraudulent transactions are diminished and repeated abnormal transactions are eliminated, improving the service to the client and reducing the institution's exposure.