Blog Posts Tagged with "Compliance"


There's a New Sheriff in Town – PCI DSS Lays Down the Law to Improve Pen Testing Requirements

January 29, 2014 Added by:Michael Sabo

The PCI’s 12 mandatory requirements are designed to protect cardholder data from the threat of fraud or theft. Requirement 11.3 gets to the heart of the pen test, and it was revised in PCI-DSS version 3.0.

Comments  (0)


The Perils of Combining Security and Compliance

January 27, 2014 Added by:Robb Reck

There is a natural tendency to lump security and compliance together. Intuitively it just makes sense right? The biggest compliance frameworks like PCI, GLBA, SOX and HIPAA are all looking to ensure that our security is up to snuff. In fact, if we do security right, compliance should come naturally, with very little additional technical work.

Comments  (0)


Target and Neiman Marcus Breaches Renew Issues Regarding PCI Lawsuits

January 16, 2014 Added by:john melvin

We have no way of knowing right now what the causes of the recent Target and Neiman-Marcus data breaches are. It just raises the same questions of: does compliance with PCI standards mean that everything is secure against attacks? If an application is compliant, is that enough? It doesn’t seem to be clear whether or not a company can completely “pass the buck” to the developers and maintaine...

Comments  (0)


What PCI Requirements Apply to Us: Tacking a Common PCI DSS Compliance Challenge

August 21, 2013 Added by:Rohit Sethi

Determining which system components fall under PCI compliance can often be problematic for many companies. When it comes to PCI DSS (Payment Card Industry Data Security Standards) compliance assessments, scoping tends to become a major challenge.

Comments  (12)


Top 10 Encryption Benefits

April 30, 2013 Added by:Steve Pate

If deployed correctly, encryption does not need to be a headache. Instead, encryption can be an enabler to achieve the flexibility, compliance and data privacy that is required in today’s business environments. Below are top 10 benefits for those considering encryption.

Comments  (0)


Using Least Privilege to Effectively Meet PCI DSS Compliance

April 25, 2013 Added by:Andrew Avanessian

PCI DSS Requirement guidelines certainly reinforce how compliance has hardened from suggestive or advisory directives to true mandates with hefty fines and strict consequences for those failing to take heed.

Comments  (0)


How to comply with PCI DSS 6.3

March 09, 2013 Added by:Rohit Sethi

If you process, transmit or store credit card data in your software then you’re likely subject to the Payment Card Industry Data Security Standard (PCI DSS). One of the most onerous sections of the PCI DSS is requirement 6: Develop and maintain secure systems and applications.

Comments  (0)


Pre-Authorization Data – The Card Brands Weigh In

January 28, 2013 Added by:PCI Guru

Acquiring banks, for the most part, cannot answer basic questions about the PCI DSS, so we are supposed to believe that they are experts on retention of pre-authorization data based on a company’s vertical market and region? Talk about passing the buck...

Comments  (0)


Fly First Class But Pay Economy for HIPAA Compliance

January 22, 2013 Added by:Danny Lieberman

After the sanity check with the team that constructed the threat scenarios, you and your HIPAA consultant need to calculate your Value at Risk. Calculating VaR will help shed light on where to save money and where to spend money...

Comments  (0)


Tribute to Stan The Man and 11 Rules for Compliance Success

January 21, 2013 Added by:Thomas Fox

These insights could help you improve your compliance program. And while it doesn’t have quite the same rhyming scheme as Paul Simon’s Mrs. Robinson, here’s to you Stan ‘The Man’ Musial. I hope that you enjoy an inning or two at the great game in the hereafter...

Comments  (0)


ISMS Certification Does Not Equal Regulatory Compliance

December 27, 2012 Added by:Rebecca Herold

“By becoming ISO 27001 certified does that automatically mean we comply with HIPAA and HITECH requirements? Are there any requirements of HIPAA/HITECH that are not required to meet ISO 27001 standards?”

Comments  (0)


All Aboard

December 17, 2012 Added by:Randall Frietzsche

We need a well-conceived set of administrative and technical controls - our policy, while still acknowledging that every living creature on the planet is organically attached to a smart device, must dictate that the user will follow the policy at risk of termination...

Comments  (0)


Managing the Social Impact of Least Privilege

December 10, 2012 Added by:Paul Kenyon

In organizations where IT policy hasn’t been enforced or where users expect to have full autonomy over PCs, the transition to least privilege desktops must be carefully planned, so the IT department doesn’t face a user revolt. Make sure to set users’ expectations accordingly...

Comments  (0)


Compliance Combines with Vulnerability Scanning to Create Aegify

December 10, 2012 Added by:Michelle Drolet

Two security firms, the established Rapid7 vulnerability manager and eGestalt, a cloud-based compliance management provider, have signed an OEM deal that will do something for the IT security industry that hasn’t been done before: a combination security and compliance posture management...

Comments  (1)


Five Essentials of a Chief Compliance Officer Position

December 05, 2012 Added by:Thomas Fox

The five essential features are based on the Department of Justice’s thinking on the issue in the form of the US Sentencing Guidelines, FCPA enforcement actions and evolving best practices. If your company is not following these it may well not be deemed to have a commitment to compliance...

Comments  (0)


Pen Test vs. Vulnerability Scan: You know the difference, but do they?

November 28, 2012 Added by:Stacey Holleran

Small business owners often don't have someone who is versed in network security. So when they are told they need a “network penetration test” to comply with PCI DSS, many will contact the growing number of companies offering inexpensive testing services...

Comments  (5)

Page « < 1 - 2 - 3 - 4 - 5 > »
Most Liked