Compliance

Physical Security is Still a Problem

June 17, 2014 Added by: Joe Weiss

I did not think we would be able to film directly in front of large electric substations and other critical infrastructures. I was wrong.

Using “Compliant” Stuff Doesn’t Result in Full Compliance

June 16, 2014 Added by: Rebecca Herold

Organizations that access, in any way, some type of personal information will likely have data protection compliance requirements with which they must comply.

ICSs and the Internet – What is Actually Happening

June 11, 2014 Added by: Joe Weiss

The story is that MANY ICSs are connected to the Internet and it isn’t expensive to find them.

Signatures of PINS? EMV is Coming

June 09, 2014 Added by: Neohapsis

Ultimately, whether cards are authenticated via PIN or signature, the chip-based credit cards being rolled out in the U.S. will rely upon EMV security measures to protect the security of credit card data.

Five Ways to Avoid HIPAA Compliance Breaches With Better Security Controls

June 05, 2014 Added by: InfosecIsland News

To prevent costly breaches such as this one from happening, Netwrix Corporation suggests the following best practices every health care organization or insurance provider should implement and maintain to ensure HIPAA compliance.

Why the Bridge Still Needs to be Built Between Operations and IT

June 04, 2014 Added by: Joe Weiss

When people complain that operators are too focused on safety and reliability I don’t know whether to laugh or cry.

U.S. Agencies Need to Improve Cyber Incident Response Practices

June 04, 2014 Added by: Stefano Mele

The U.S. Government Accountability Office (GAO) found that twenty-four major federal agencies did not consistently demonstrate that they are effectively responding to cyber incidents (a security breach of a computerized system and information).

What’s New in PCI DSS v3.0 for Penetration Testing?

May 20, 2014 Added by: Nima Dezhkam

As a main area of our interest, PCI v3.0 enhances the Penetration Testing requirement by adding guidelines that help both the organizations and the auditors to better show and understand two important areas of concern in every PCI compliance effort.

ICS-ISAC: Understanding and Implementing Shared Situational Awareness

May 01, 2014 Added by: Tripwire Inc

SARA (the Situational Awareness Reference Architecture) provides applicable steps for creating local and shared situational awareness.

Security And/Or/Vs/Not Compliance?

May 01, 2014 Added by: Anton Chuvakin

Some recent experiences have led me to believe that quite a few organizations have built a deep chasm between security and compliance.

Why SAQ A-EP Makes Sense

April 29, 2014 Added by: PCI Guru

Based on the comments I have seen online and made in personal conversations, you would think that SAQ A-EP was heresy or a bad joke.

Rx for Incorrect Compliance Claims and XP

April 14, 2014 Added by: Rebecca Herold

I advise all organizations to identify their systems running XP, determine the risks to PHI of those systems, and then establish a plan to upgrade appropriately and in the nearest time feasible.

Pros and Cons of US-Based Cloud Services

March 31, 2014 Added by: Gilad Parann-Nissany

Any company or individual using cloud services today should encrypt data in addition to their firewall, anti-virus and other security measures. Incidentally, it is also encouraged by regulation in several sensitive sectors, notably businesses in the health industry under HIPAA patient and data privacy laws and the payment card industry under PCI DSS standards.

Missing the (opportunity of) Target

March 25, 2014 Added by: Jack Daniel

What we have is an opportunity to make customers and some merchants happier by standardizing technology across the globe - and we could slide a little increase in security into the process at the same time.

How did it happen?

March 04, 2014 Added by: PCI Guru

It is easy to pillory the guy that got breached. However, a lot of you should look inside your own organizations before tossing stones.

Payment Card Breaches: Time to Spread the Risk with Mandatory Cyber Insurance

February 25, 2014 Added by: David Navetta

Payment card breaches are not 100% preventable, and for most merchants over time, are inevitable...As such, rather than focus solely on cumbersome security standards such as PCI-DSS, payment card breaches should be viewed more from an overall risk management perspective.
