Blog Posts Tagged with "Compliance"
Who Are You Preaching to Anyway?
May 16, 2012 Added by:Neira Jones
Hard core security conferences continue to happen and continue to be successful, and long may it continue. We still need the techies to make sure we have the right tech to support the people and processes in our businesses. We also need the techies to try and keep ahead of the bad guys...
Comments (1)
Why Security Through Obscurity Still Does Not Work
May 15, 2012 Added by:Rebecca Herold
I know from my years as a systems analyst and maintaining a large change control system that it is easy for mistakes to occur within the network security architecture, and that there will always be some humans involved who are tempted to bypass important security controls...
Comments (0)
Turn Compliance Beliefs Into Action: Impact Tone at the Bottom
May 12, 2012 Added by:Thomas Fox
This method is a good way for a compliance practitioner to get at ‘tone at the bottom’. By engaging employees at the level suggested you can find out not only what the employees think about the compliance program but use their collective experience to help design a more effective program...
Comments (0)
A Reason Why the PCI Standards Get No Respect
May 11, 2012 Added by:PCI Guru
The PCI SSC only requires its assessors document the services they provide in their assessment reports. While that offers a certain amount of transparency, when you read some of these ROCs, it becomes painfully obvious that some QSACs are assessing their own security services...
Comments (0)
The Great Compliance Conundrum
May 10, 2012 Added by:Mark Gardner
The crux of the matter is why people bemoan compliance: To comply in this case requires no external verification, and in order to meet compliance you may avoid some as they're too hard to do or do not go deep enough, but still have the ability to turn and say that "we are compliant"...
Comments (0)
Healthcare Data and the (Private) Social Network
May 10, 2012 Added by:Danny Lieberman
Previously, we talked about the roles that trust, security and privacy play in online healthcare interactions. In this post we look at privacy challenges in social networks and describes how you can implement a private healthcare social network for without government regulation...
Comments (0)
What Infosec Can Learn from Enron
May 09, 2012 Added by:Beau Woods
Auditors aren't the sole authoritative voice, and they can be fooled or coerced like anyone else. Too often internal and external auditors are trusted as the arbiters of right and wrong. This can fail an organization if executives don't understand the role auditors should play...
Comments (0)
Six Good Reasons to De-Identify Data
May 09, 2012 Added by:Rebecca Herold
Even though it sounds complicated there are many good methods you can use to accomplish de-identification. The great thing is, under many legal constructs de-identification is an acceptable way to use personal information for purposes beyond which the personal data was collected...
Comments (2)
Smart Grid Security, Challenges and Change
May 08, 2012 Added by:Larry Karisny
The cost and time of trying to become compliant with guidelines and standards will put smart-grid security years off before it can achieve any security solutions. There must be a way out of what people in the security business are now calling the "smart grid security circus"...
Comments (0)
SOC 2: The Customer Security Questionnaire Killer
May 08, 2012 Added by:Jon Long
User organizations figured out a long time ago that if they want confirmation of how secure their suppliers are, they have to find out for themselves because a sufficient third party attestation did not exist. This is also where the challenge to service auditors is...
Comments (0)
Healthcare Data: I Trust You to Keep this Private
May 04, 2012 Added by:Danny Lieberman
In this article, Danny Lieberman talks about the roles that trust, security and privacy play in online healthcare interactions. At the end of the article, he introduces the idea of private social networking for healthcare – leaving the piece open for a sequel...
Comments (0)
What Good is PCI-DSS?
May 03, 2012 Added by:david barton
Credit card processors have valuable information that bad guys would love to get their hands on. So processors are the Fort Knox of the modern world. When bad guys are motivated, no amount of security can keep them out. Does that mean PCI-DSS standards are worthless?
Comments (9)
Compliance: To Boldly Go Where the Board Needs to Go
April 30, 2012 Added by:Thomas Fox
I was thinking about Captain Kirk and his leadership of the Enterprise in the context of issues relating the Board of Directors responsibility in a company’s compliance program. Kirk did not have to deal with a BOD, but he did lead from the front, and that is what a CCO must do...
Comments (0)
Another Year, Another QSA Re-Certification
April 27, 2012 Added by:PCI Guru
There is a lot of discussion on network segmentation, and this year’s presentation material indicates there are apparently still a lot of QSAs that do not understand the concept of network segmentation and what constitutes good segmentation from poor segmentation...
Comments (0)
Exposing Unproven Enterprise Security
April 26, 2012 Added by:Rafal Los
Before you call me an alarmist, unless you've tested your defenses you can't actually be sure with any amount of certainty whether they work. I don't mean this in a "can we ever be really sure?" philosophical sense here - I mean this in a concrete "does this even work?" sense...
Comments (0)
From Fraud to Infosec and Vice Versa... Part 2
April 24, 2012 Added by:Neira Jones
In my previous post I summarized fraud and how it relates to infosec. Key enablers used to defraud victims of all types cut across the landscape and often overlap, posing further challenges for quantifying their impact, but the classifications are nonetheless helpful...
Comments (0)
- Not Totally Sure What Just Happened...
- Has Anonymous Infiltrated the US Government?
- Big Opportunities in the Cloud
- Zeus Malware Targeting Facebook, Gmail and Yahoo Users
- Follow Up to the Out of Band Authentication Post
- Skype Malware Campaign Spreading Poison Ivy Trojan
- I Hope Edo is Worth the Privacy Risk
- Dutch MoD Innovation Competition 2012: CYBER Operations 2.0
- NIST Workshop: The Technical Aspects of Botnets
- Security Automation by Hand - Batch/Bash/FOR