Blog Posts Tagged with "Compliance"
August 08, 2012 Added by:Thomas Fox
This is not the problem where the legal department or compliance department is viewed as the Land of No, inhabited by only Dr. No. It is, instead, the perception that legal or compliance simply institutes requirements without even talking to the people they affect the most, the business unit employees...
August 05, 2012 Added by:PCI Guru
Security awareness training has its place, but it is not a silver bullet. The world is full of risks and a security professional’s job is to minimize those risks and manage the remaining residual risk. This is why security is done in layers, so that when people make that mistake you minimize the impact...
July 29, 2012 Added by:Ben Kepes
When faced by sometimes rabidly optimistic vendors that suggest putting everything into the cloud, right away, organizations are naturally a little confused when it comes to deciding what applications to move and how to develop an incremental migration strategy...
July 25, 2012 Added by:Thomas Fox
As the compliance field evolves, the need for experienced professionals continues to grow, there is the need to hire top notch compliance talent to do the day-to-day work of implementing, enhancing or running a compliance program. Where can you go if you want to hire some experienced compliance professionals?
July 23, 2012 Added by:Bob Radvanovsky
I am quickly growing weary of the fact that individuals claiming to be "cybersecurity" or "critical infrastructure" subject-matter experts (or "SMEs"), are indicating that adherence to a regulatory requirement or compliance governance means that something is "secured". Let's get one thing straight...
July 23, 2012 Added by:Kelly Colgan
When comparing the bill to existing state laws on the subject, the lack of focus on consumer protection and an emphasis on making it business-friendly become evident. It becomes evident not by looking at what the bill contains, but by looking at what is purposely missing...
July 20, 2012 Added by:Headlines
"These certificates protect access to control systems. They protect access to a $400 billion market. They protect access to trading systems. They also protect access to machines that do things like turn generators off. If you issue a fraudulent certificate or you're lax... the consequences could be disastrous..."
July 19, 2012 Added by:David Navetta
Specifically, in the latest report, among other issues, the NLRB thoroughly discusses prohibitions on disclosing confidential and proprietary information, posting photographs and other content that depicts other people, and requiring reporting of policy violations. Here are some important take-aways...
July 18, 2012 Added by:Thomas Fox
Compliance is ar form of risk you can measure, evaluate and then manage. If the risk becomes too great, that may create an unacceptable level which your company will not tolerate. One of your key roles of a compliance practitioner is to reduce the level of risk which your company cannot or will not tolerate...
July 11, 2012 Added by:Rafal Los
The challenges of dealing with a completely connected, ubiquitously computable world are that data can be moved, stored, and used anywhere and that the infrastructure that moves that data around is less and less under your control. That's an interesting thing for information security professionals...
July 10, 2012 Added by:Patrick Oliver Graf
In organizations, there is a constant struggle between satisfying the technological needs of workers while maintaining an adherence to compliance and security. Remote access represents the next major iteration of this battle. This complexity also means there’s far more overlap between the pain points...
July 10, 2012 Added by:David Navetta
The FCC revived an inquiry first launched in 2007 to investigate telecom carriers’ practices regarding the privacy and security of information stored on mobile communications devices, prompted by the recent controversy in which software installed on mobile phones was shown to be collecting data from customers...
July 09, 2012 Added by:Thomas Fox
The DOJ recently announced the resolution of a compliance matter involving violations by Data Systems & Solutions LLC. In reading the Criminal Information, this was no one-off or rogue employee situation, this was a clear, sustained and well known scheme that went on within the company...
July 04, 2012 Added by:Headlines
“Preventing the loss of critical U.S. information and technologies is one of the most important investigative priorities of the FBI. Our adversaries routinely target sensitive research and development data and intellectual property from universities, government agencies, manufacturers, and defense contractors..."
July 03, 2012 Added by:Jared Pfost
Most IT organizations aren't equipped or supported to build a mature program. If our objective is to deliver an evidence driven investment road map aligned with the business, it's OK to plan a phased approach and demonstrate value while the culture, process, and necessary resources gain momentum...
July 02, 2012 Added by:Rebecca Herold
“This is OCR’s first HIPAA action against a state agency and we expect organizations to comply with their obligations under these rules regardless of whether they are private or public entities.” Bottom line for all organizations of all sizes: It is wise to learn from the pain of others...
Mass Disclosure of Vulnerabilities in SAP... john niko on 12-09-2013
Join Trend Micro & SecurityWeek in Belle... Shah Alam on 12-06-2013
Looking Beyond "Black Box Testing"... Paul Reed on 12-03-2013