Blog Posts Tagged with "Compliance"

59d9b46aa00c70238bb89056cfeb96c0

Lessons in the Evolution of Compliance in China

August 16, 2012 Added by:Thomas Fox

As Chinese companies engage with partners, globally and locally, their internal and external business practices are evolving. The article “The Myths of Gift Giving” found that many Chinese companies now put greater emphasis on professionalism and building trust and confidence in business capabilities...

Comments  (0)

65be44ae7088566069cc3bef454174a7

Not Providing Education is the Dumbest Idea for Infosec

August 14, 2012 Added by:Rebecca Herold

Every year or so, an otherwise smart information security professional publishes some really bad information security advice about how awareness and training is a waste of time and money. Bottom line for all organizations: Humans have always been and will always be the weakest link in security...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

PA-DSS Validation Clarification

August 09, 2012 Added by:PCI Guru

The PA-DSS has a procedure that the PA-QSA can follow to determine that version changes have not affected cardholder data processing and the application’s PA-DSS validation. Without that validation, as a QSA, our hands are tied and we must conduct a full assessment of the application under the PCI DSS...

Comments  (0)

59d9b46aa00c70238bb89056cfeb96c0

Silly Putty and Compliance: Remember It’s Not Always About You

August 08, 2012 Added by:Thomas Fox

This is not the problem where the legal department or compliance department is viewed as the Land of No, inhabited by only Dr. No. It is, instead, the perception that legal or compliance simply institutes requirements without even talking to the people they affect the most, the business unit employees...

Comments  (1)

Fc152e73692bc3c934d248f639d9e963

On Security Awareness Training

August 05, 2012 Added by:PCI Guru

Security awareness training has its place, but it is not a silver bullet. The world is full of risks and a security professional’s job is to minimize those risks and manage the remaining residual risk. This is why security is done in layers, so that when people make that mistake you minimize the impact...

Comments  (0)

4c1c5119b03285e3f64bd83a8f9dfeec

Technical Considerations when Moving to the Cloud

July 29, 2012 Added by:Ben Kepes

When faced by sometimes rabidly optimistic vendors that suggest putting everything into the cloud, right away, organizations are naturally a little confused when it comes to deciding what applications to move and how to develop an incremental migration strategy...

Comments  (0)

59d9b46aa00c70238bb89056cfeb96c0

Take the A-Train to Find Your Compliance Team

July 25, 2012 Added by:Thomas Fox

As the compliance field evolves, the need for experienced professionals continues to grow, there is the need to hire top notch compliance talent to do the day-to-day work of implementing, enhancing or running a compliance program. Where can you go if you want to hire some experienced compliance professionals?

Comments  (0)

5cbe1364caf51f95cac6484a832d66d0

The "Compliance Society"

July 23, 2012 Added by:Bob Radvanovsky

I am quickly growing weary of the fact that individuals claiming to be "cybersecurity" or "critical infrastructure" subject-matter experts (or "SMEs"), are indicating that adherence to a regulatory requirement or compliance governance means that something is "secured". Let's get one thing straight...

Comments  (4)

F29746c6cb299c1755e4087e6126a816

Latest Data Breach Notification Bill Won’t Go Far

July 23, 2012 Added by:Kelly Colgan

When comparing the bill to existing state laws on the subject, the lack of focus on consumer protection and an emphasis on making it business-friendly become evident. It becomes evident not by looking at what the bill contains, but by looking at what is purposely missing...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Senators Seek Investigation into Electric Grid Security Issue

July 20, 2012 Added by:Headlines

"These certificates protect access to control systems. They protect access to a $400 billion market. They protect access to trading systems. They also protect access to machines that do things like turn generators off. If you issue a fraudulent certificate or you're lax... the consequences could be disastrous..."

Comments  (0)

A7290c5bd7bc2aaa7ea2b6c957ef639b

NLRB Issues Report on Employer Social Media Policies

July 19, 2012 Added by:David Navetta

Specifically, in the latest report, among other issues, the NLRB thoroughly discusses prohibitions on disclosing confidential and proprietary information, posting photographs and other content that depicts other people, and requiring reporting of policy violations. Here are some important take-aways...

Comments  (0)

59d9b46aa00c70238bb89056cfeb96c0

The Compliance Professional as a Trusted Advisor

July 18, 2012 Added by:Thomas Fox

Compliance is ar form of risk you can measure, evaluate and then manage. If the risk becomes too great, that may create an unacceptable level which your company will not tolerate. One of your key roles of a compliance practitioner is to reduce the level of risk which your company cannot or will not tolerate...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

The Patchwork Cloud: Breaking Laws You Didn't Know Applied

July 11, 2012 Added by:Rafal Los

The challenges of dealing with a completely connected, ubiquitously computable world are that data can be moved, stored, and used anywhere and that the infrastructure that moves that data around is less and less under your control. That's an interesting thing for information security professionals...

Comments  (0)

E595c1d49bf4a26f8e14ce59812af80e

Navigating the Minefield of Mobile Technology Purchasing

July 10, 2012 Added by:Patrick Oliver Graf

In organizations, there is a constant struggle between satisfying the technological needs of workers while maintaining an adherence to compliance and security. Remote access represents the next major iteration of this battle. This complexity also means there’s far more overlap between the pain points...

Comments  (0)

A7290c5bd7bc2aaa7ea2b6c957ef639b

FCC Seeks Public Comment on Mobile Data Collection Policies

July 10, 2012 Added by:David Navetta

The FCC revived an inquiry first launched in 2007 to investigate telecom carriers’ practices regarding the privacy and security of information stored on mobile communications devices, prompted by the recent controversy in which software installed on mobile phones was shown to be collecting data from customers...

Comments  (1)

59d9b46aa00c70238bb89056cfeb96c0

Lessons Learned for the Compliance Practitioner

July 09, 2012 Added by:Thomas Fox

The DOJ recently announced the resolution of a compliance matter involving violations by Data Systems & Solutions LLC. In reading the Criminal Information, this was no one-off or rogue employee situation, this was a clear, sustained and well known scheme that went on within the company...

Comments  (0)

Page « < 2 - 3 - 4 - 5 - 6 > »