Blog Posts Tagged with "Compliance"
DMTF's Cloud Infrastructure Standard
September 07, 2012 Added by:Ben Kepes
CIMI is arguably more complex than a simple standard – it reflects that people want to rubber stamp a standard, but also want to deliver proprietary functionality as a point of differentiation from the competition. CIMI is a positive initiative, but the proof is in the pudding...
Comments (0)
Utility Breach Prompts Enforcement and Industry-Wide Security Review
September 06, 2012 Added by:David Navetta
Expect an uptick in privacy enforcement by state utility regulators. Utilities across the country are advised to review their information security programs (including vendor management requirements) and breach response processes to address their regulators' concerns...
Comments (0)
Leadership in the Compliance Department
September 05, 2012 Added by:Thomas Fox
While a leader can provide some insights based on experience, and perhaps give a different view, the employee who brought up the compliance issue will probably be more intimately involved with it. The employee may have thought through a resolution to the potential issue as well...
Comments (0)
The Inevitability of a Data Breach
September 05, 2012 Added by:Rafal Los
Only after many years of beating the drum that non-security professionals are waking up to the fact that security cannot be an after-thought in development. It'll take another five years before business executives are comfortable with the notion that they will be breached...
Comments (0)
Best Practices for the Destruction of Digital Data
August 31, 2012 Added by:Ben Rothke
The need for effective media destruction is imperative given that digital media is the crown jewels of most organizations. From payroll, financial records, to personal information and company/trade secrets, there are terabytes of data that at the end of its lifecycle, needs to be effectively sanitized...
Comments (0)
Ultimate Breach of Patient Privacy: Real-Time Death on Video
August 29, 2012 Added by:Danny Lieberman
As social media becomes part of the continuum of interaction in the physical and virtual worlds, privacy becomes an issue of discretionary disclosure control. Online privacy and patient privacy will evolve into a market for products and services with stratified pricing, packaging and product positioning...
Comments (1)
How Do You Change an Unhealthy Compliance Culture?
August 29, 2012 Added by:Thomas Fox
The best way to effect culture “is to combine strong leadership with the existing internal elements of a healthy corporate culture... while it may take as long to create a good culture as it does to establish a good reputation, a strong set of values is usually harder to destroy unless the company is itself dismantled..."
Comments (0)
FTC Seeks Comment on Proposed Revisions to COPPA Rule
August 27, 2012 Added by:David Navetta
The proposed modifications to the definitions of "operator" and "website or online service directed to children" address commenters’ concerns related to the use of third party advertising networks and downloadable software kits, or plug ins, that collect personal information through child-directed websites...
Comments (1)
How Do You Change to a Culture of Compliance?
August 23, 2012 Added by:Thomas Fox
Unlike the insurance industry, which helps companies manage risks through financial instruments, risk management attempts to avoid or at least control risk. The next time you hear the mindless prattle of “but we’ve always done it that way”, get some ideas on how to change your company’s compliance culture...
Comments (0)
Compliance is Not Always a Four-Letter Word
August 22, 2012 Added by:Tripwire Inc
This typical reaction I get in the US is many organizations see compliance as a “tax” and try to get away with doing the bare minimum. How do you and your organizations view compliance? Do you see it as a four-letter word, a nuisance, or as a step along the path to more effective security?
Comments (0)
Messaging Mishaps Have Collateral Damage
August 21, 2012 Added by:Rebecca Herold
Bottom line for all organizations, from the largest to the smallest: You need to establish messaging policies that clearly communicate that all emails sent through the company email system are subject to monitoring, and that no one using the system should have any expectation of privacy for the messages...
Comments (1)
Network Exposure and Healthcare Privacy Breaches
August 20, 2012 Added by:Danny Lieberman
EHR interconnected with HIE systems have a big threat surface, because of big, very complex software systems with a large number of attacker entry points. Healthcare system vulnerabilities are compounded since everyone is using the same technology from Microsoft and following the same HIPAA compliance checklists...
Comments (0)
Lessons in the Evolution of Compliance in China
August 16, 2012 Added by:Thomas Fox
As Chinese companies engage with partners, globally and locally, their internal and external business practices are evolving. The article “The Myths of Gift Giving” found that many Chinese companies now put greater emphasis on professionalism and building trust and confidence in business capabilities...
Comments (0)
Not Providing Education is the Dumbest Idea for Infosec
August 14, 2012 Added by:Rebecca Herold
Every year or so, an otherwise smart information security professional publishes some really bad information security advice about how awareness and training is a waste of time and money. Bottom line for all organizations: Humans have always been and will always be the weakest link in security...
Comments (0)
PA-DSS Validation Clarification
August 09, 2012 Added by:PCI Guru
The PA-DSS has a procedure that the PA-QSA can follow to determine that version changes have not affected cardholder data processing and the application’s PA-DSS validation. Without that validation, as a QSA, our hands are tied and we must conduct a full assessment of the application under the PCI DSS...
Comments (0)
Silly Putty and Compliance: Remember It’s Not Always About You
August 08, 2012 Added by:Thomas Fox
This is not the problem where the legal department or compliance department is viewed as the Land of No, inhabited by only Dr. No. It is, instead, the perception that legal or compliance simply institutes requirements without even talking to the people they affect the most, the business unit employees...
Comments (1)
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform
- Mobile Security Processes Could Be Applied to Medical Devices: Bluebox
- The Emperor Is Naked!
- Infographic: Keeping Web Applications Safe
- Do You Have a Vendor Security Check List? You Should!