Blog Posts Tagged with "Compliance"
On Security Awareness Training
August 05, 2012 Added by:PCI Guru
Security awareness training has its place, but it is not a silver bullet. The world is full of risks and a security professional’s job is to minimize those risks and manage the remaining residual risk. This is why security is done in layers, so that when people make that mistake you minimize the impact...
Comments (0)
Technical Considerations when Moving to the Cloud
July 29, 2012 Added by:Ben Kepes
When faced by sometimes rabidly optimistic vendors that suggest putting everything into the cloud, right away, organizations are naturally a little confused when it comes to deciding what applications to move and how to develop an incremental migration strategy...
Comments (0)
Take the A-Train to Find Your Compliance Team
July 25, 2012 Added by:Thomas Fox
As the compliance field evolves, the need for experienced professionals continues to grow, there is the need to hire top notch compliance talent to do the day-to-day work of implementing, enhancing or running a compliance program. Where can you go if you want to hire some experienced compliance professionals?
Comments (0)
The "Compliance Society"
July 23, 2012 Added by:Bob Radvanovsky
I am quickly growing weary of the fact that individuals claiming to be "cybersecurity" or "critical infrastructure" subject-matter experts (or "SMEs"), are indicating that adherence to a regulatory requirement or compliance governance means that something is "secured". Let's get one thing straight...
Comments (2)
Latest Data Breach Notification Bill Won’t Go Far
July 23, 2012 Added by:Kelly Colgan
When comparing the bill to existing state laws on the subject, the lack of focus on consumer protection and an emphasis on making it business-friendly become evident. It becomes evident not by looking at what the bill contains, but by looking at what is purposely missing...
Comments (0)
Senators Seek Investigation into Electric Grid Security Issue
July 20, 2012 Added by:Headlines
"These certificates protect access to control systems. They protect access to a $400 billion market. They protect access to trading systems. They also protect access to machines that do things like turn generators off. If you issue a fraudulent certificate or you're lax... the consequences could be disastrous..."
Comments (0)
NLRB Issues Report on Employer Social Media Policies
July 19, 2012 Added by:David Navetta
Specifically, in the latest report, among other issues, the NLRB thoroughly discusses prohibitions on disclosing confidential and proprietary information, posting photographs and other content that depicts other people, and requiring reporting of policy violations. Here are some important take-aways...
Comments (0)
The Compliance Professional as a Trusted Advisor
July 18, 2012 Added by:Thomas Fox
Compliance is ar form of risk you can measure, evaluate and then manage. If the risk becomes too great, that may create an unacceptable level which your company will not tolerate. One of your key roles of a compliance practitioner is to reduce the level of risk which your company cannot or will not tolerate...
Comments (0)
The Patchwork Cloud: Breaking Laws You Didn't Know Applied
July 11, 2012 Added by:Rafal Los
The challenges of dealing with a completely connected, ubiquitously computable world are that data can be moved, stored, and used anywhere and that the infrastructure that moves that data around is less and less under your control. That's an interesting thing for information security professionals...
Comments (0)
Navigating the Minefield of Mobile Technology Purchasing
July 10, 2012 Added by:Patrick Oliver Graf
In organizations, there is a constant struggle between satisfying the technological needs of workers while maintaining an adherence to compliance and security. Remote access represents the next major iteration of this battle. This complexity also means there’s far more overlap between the pain points...
Comments (0)
FCC Seeks Public Comment on Mobile Data Collection Policies
July 10, 2012 Added by:David Navetta
The FCC revived an inquiry first launched in 2007 to investigate telecom carriers’ practices regarding the privacy and security of information stored on mobile communications devices, prompted by the recent controversy in which software installed on mobile phones was shown to be collecting data from customers...
Comments (0)
Lessons Learned for the Compliance Practitioner
July 09, 2012 Added by:Thomas Fox
The DOJ recently announced the resolution of a compliance matter involving violations by Data Systems & Solutions LLC. In reading the Criminal Information, this was no one-off or rogue employee situation, this was a clear, sustained and well known scheme that went on within the company...
Comments (0)
Company Guilty of Illegal Export of U.S. Military Software to China
July 04, 2012 Added by:Headlines
“Preventing the loss of critical U.S. information and technologies is one of the most important investigative priorities of the FBI. Our adversaries routinely target sensitive research and development data and intellectual property from universities, government agencies, manufacturers, and defense contractors..."
Comments (0)
IT Risk Management: Roadmap for a Roadmap
July 03, 2012 Added by:Jared Pfost
Most IT organizations aren't equipped or supported to build a mature program. If our objective is to deliver an evidence driven investment road map aligned with the business, it's OK to plan a phased approach and demonstrate value while the culture, process, and necessary resources gain momentum...
Comments (0)
Lack of Basic Security Practices Results in $1.7 Million Sanction
July 02, 2012 Added by:Rebecca Herold
“This is OCR’s first HIPAA action against a state agency and we expect organizations to comply with their obligations under these rules regardless of whether they are private or public entities.” Bottom line for all organizations of all sizes: It is wise to learn from the pain of others...
Comments (0)
Falconstor Software Conspired to Bribe Chase Executives
July 02, 2012 Added by:Headlines
The U.S. Attorney’s Office filed a criminal complaint against FalconStor Software, a data storage and protection company, alleging that the company conspired to pay more than $300,000 in bribes to executives of J.P. Morgan Chase Bank to obtain over $12 million in electronic storage licencing contracts...
Comments (0)
- Identity & Access Management: Give Me a REST
- Over-Sharing Riskier than Government Snooping
- 20 Critical Security Controls: Control 13 – Boundary Defense
- Redefining Social Networking
- Creating Your Own Privacy & ROI
- Security Intelligence for the Enterprise - Part 1
- Why are Cybercrimes NOT Always White-collar Crimes?
- From the SMB to Security Guru: Five Ways IT Pros Can Manage Security on a Budget
- Balancing Act Between Privacy and Security
- The NSA’s Word Games Explained: How the Government Deceived Congress in the Debate over Surveillance Powers