Blog Posts Tagged with "Compliance"


How Do You Change an Unhealthy Compliance Culture?

August 29, 2012 Added by:Thomas Fox

The best way to effect culture “is to combine strong leadership with the existing internal elements of a healthy corporate culture... while it may take as long to create a good culture as it does to establish a good reputation, a strong set of values is usually harder to destroy unless the company is itself dismantled..."

Comments  (0)


FTC Seeks Comment on Proposed Revisions to COPPA Rule

August 27, 2012 Added by:David Navetta

The proposed modifications to the definitions of "operator" and "website or online service directed to children" address commenters’ concerns related to the use of third party advertising networks and downloadable software kits, or plug ins, that collect personal information through child-directed websites...

Comments  (2)


How Do You Change to a Culture of Compliance?

August 23, 2012 Added by:Thomas Fox

Unlike the insurance industry, which helps companies manage risks through financial instruments, risk management attempts to avoid or at least control risk. The next time you hear the mindless prattle of “but we’ve always done it that way”, get some ideas on how to change your company’s compliance culture...

Comments  (0)


Compliance is Not Always a Four-Letter Word

August 22, 2012 Added by:Tripwire Inc

This typical reaction I get in the US is many organizations see compliance as a “tax” and try to get away with doing the bare minimum. How do you and your organizations view compliance? Do you see it as a four-letter word, a nuisance, or as a step along the path to more effective security?

Comments  (0)


Messaging Mishaps Have Collateral Damage

August 21, 2012 Added by:Rebecca Herold

Bottom line for all organizations, from the largest to the smallest: You need to establish messaging policies that clearly communicate that all emails sent through the company email system are subject to monitoring, and that no one using the system should have any expectation of privacy for the messages...

Comments  (1)


Network Exposure and Healthcare Privacy Breaches

August 20, 2012 Added by:Danny Lieberman

EHR interconnected with HIE systems have a big threat surface, because of big, very complex software systems with a large number of attacker entry points. Healthcare system vulnerabilities are compounded since everyone is using the same technology from Microsoft and following the same HIPAA compliance checklists...

Comments  (0)


Lessons in the Evolution of Compliance in China

August 16, 2012 Added by:Thomas Fox

As Chinese companies engage with partners, globally and locally, their internal and external business practices are evolving. The article “The Myths of Gift Giving” found that many Chinese companies now put greater emphasis on professionalism and building trust and confidence in business capabilities...

Comments  (0)


Not Providing Education is the Dumbest Idea for Infosec

August 14, 2012 Added by:Rebecca Herold

Every year or so, an otherwise smart information security professional publishes some really bad information security advice about how awareness and training is a waste of time and money. Bottom line for all organizations: Humans have always been and will always be the weakest link in security...

Comments  (0)


PA-DSS Validation Clarification

August 09, 2012 Added by:PCI Guru

The PA-DSS has a procedure that the PA-QSA can follow to determine that version changes have not affected cardholder data processing and the application’s PA-DSS validation. Without that validation, as a QSA, our hands are tied and we must conduct a full assessment of the application under the PCI DSS...

Comments  (0)


Silly Putty and Compliance: Remember It’s Not Always About You

August 08, 2012 Added by:Thomas Fox

This is not the problem where the legal department or compliance department is viewed as the Land of No, inhabited by only Dr. No. It is, instead, the perception that legal or compliance simply institutes requirements without even talking to the people they affect the most, the business unit employees...

Comments  (1)


On Security Awareness Training

August 05, 2012 Added by:PCI Guru

Security awareness training has its place, but it is not a silver bullet. The world is full of risks and a security professional’s job is to minimize those risks and manage the remaining residual risk. This is why security is done in layers, so that when people make that mistake you minimize the impact...

Comments  (0)


Technical Considerations when Moving to the Cloud

July 29, 2012 Added by:Ben Kepes

When faced by sometimes rabidly optimistic vendors that suggest putting everything into the cloud, right away, organizations are naturally a little confused when it comes to deciding what applications to move and how to develop an incremental migration strategy...

Comments  (0)


Take the A-Train to Find Your Compliance Team

July 25, 2012 Added by:Thomas Fox

As the compliance field evolves, the need for experienced professionals continues to grow, there is the need to hire top notch compliance talent to do the day-to-day work of implementing, enhancing or running a compliance program. Where can you go if you want to hire some experienced compliance professionals?

Comments  (0)


The "Compliance Society"

July 23, 2012 Added by:Bob Radvanovsky

I am quickly growing weary of the fact that individuals claiming to be "cybersecurity" or "critical infrastructure" subject-matter experts (or "SMEs"), are indicating that adherence to a regulatory requirement or compliance governance means that something is "secured". Let's get one thing straight...

Comments  (5)


Latest Data Breach Notification Bill Won’t Go Far

July 23, 2012 Added by:Kelly Colgan

When comparing the bill to existing state laws on the subject, the lack of focus on consumer protection and an emphasis on making it business-friendly become evident. It becomes evident not by looking at what the bill contains, but by looking at what is purposely missing...

Comments  (0)


Senators Seek Investigation into Electric Grid Security Issue

July 20, 2012 Added by:Headlines

"These certificates protect access to control systems. They protect access to a $400 billion market. They protect access to trading systems. They also protect access to machines that do things like turn generators off. If you issue a fraudulent certificate or you're lax... the consequences could be disastrous..."

Comments  (0)

Page « < 2 - 3 - 4 - 5 - 6 > »