Compliance

The Year of the Security Standard

May 09, 2013 Added by:Anthony M. Freed

Often in the security field we hear the question asked, “Who’s watching the watchers?” It occurred to me recently that one might make a similar rhetorical quip about other aspects of our field – in particular, the question of “Who’s standardizing the standards?”

Bore Them With Death-by-Awareness: That’ll Teach em!

May 08, 2013 Added by:Lee Mangold

As security professionals, we have to understand that not everyone has a passion for security. In fact, most people don’t. Given that we know “they” don’t share our passion, and we know they are the most vulnerable attack vector, why do we continue to bore them with homogenous and irrelevant training?

Using Least Privilege to Effectively Meet PCI DSS Compliance

April 25, 2013 Added by:Andrew Avanessian

PCI DSS Requirement guidelines certainly reinforce how compliance has hardened from suggestive or advisory directives to true mandates with hefty fines and strict consequences for those failing to take heed.

Enter the CISO: Torchbearer of Security and Risk Management

April 06, 2013 Added by:Anthony M. Freed

In a convergence culture, accountability for risk is accepted across the organization, and when that happens, risk management becomes a priority to the business, informing strategy and objectives. By helping identify and mitigate risk across finance, operations and IT, the CISO puts security in context of what could affect profit.

Conducting Secure Transactions On-the-go with VPNs

March 20, 2013 Added by:Patrick Oliver Graf

The safeguarding of private customer information has become a top priority for many organizations, thanks in no small part to government regulation and industry oversight, as we move toward an increasingly digital world.

How to comply with PCI DSS 6.3

March 09, 2013 Added by:Rohit Sethi

If you process, transmit or store credit card data in your software then you’re likely subject to the Payment Card Industry Data Security Standard (PCI DSS). One of the most onerous sections of the PCI DSS is requirement 6: Develop and maintain secure systems and applications.

Why HTC’s Settlement is a Game Changer for Secure Development

March 08, 2013 Added by:Rohit Sethi

The HTC settlement is not based on high-profile breaches. Instead, it points out: “HTC America failed to employ reasonable and appropriate security practices in the design and customization of the software on its mobile devices”.

Celebrity Privacy Breaches and High School Physics

February 01, 2013 Added by:Danny Lieberman

In our previous post on patient privacy, we noted that patient data loss is a lot like planes disappearing in the Bermuda Triangle – no one really knows where the planes disappeared to, since the people on the planes never return to tell the story...

Implementing a Data De-Identification Framework

January 29, 2013 Added by:Rebecca Herold

Marketing organizations salivate at the prospects of doing advanced analysis with such data to discover new trends and marketing possibilities. The government wants to use it for investigations. Historians want to use it for, yes, marking historical events. And the list could go on...

Privacy Crusaders – Their Own Worst Enemies

January 28, 2013 Added by:Danny Lieberman

It is no accident that the largest healthcare organizations have the highest rate of patient-privacy breaches. The old saying – “the bigger they are, the harder they fall” is true, but more than that is happening when it comes to patient-privacy breaches in America as a whole...

Pre-Authorization Data – The Card Brands Weigh In

January 28, 2013 Added by:PCI Guru

Acquiring banks, for the most part, cannot answer basic questions about the PCI DSS, so we are supposed to believe that they are experts on retention of pre-authorization data based on a company’s vertical market and region? Talk about passing the buck...

Fly First Class But Pay Economy for HIPAA Compliance

January 22, 2013 Added by:Danny Lieberman

After the sanity check with the team that constructed the threat scenarios, you and your HIPAA consultant need to calculate your Value at Risk. Calculating VaR will help shed light on where to save money and where to spend money...

Tribute to Stan The Man and 11 Rules for Compliance Success

January 21, 2013 Added by:Thomas Fox

These insights could help you improve your compliance program. And while it doesn’t have quite the same rhyming scheme as Paul Simon’s Mrs. Robinson, here’s to you Stan ‘The Man’ Musial. I hope that you enjoy an inning or two at the great game in the hereafter...

Are you meeting your perceived security obligations?

January 19, 2013 Added by:Tripwire Inc

Security professionals today identify lack of qualified talent and lack of organizational funding as a key problem to their daily job; which probably implies that they are doing what they can with what they have; which likely may not meet expectations...

The Phoenix Project: A Review

January 16, 2013 Added by:Ed Bellis

Gene Kim, who is a co-author of the book, was kind enough to provide me with an advanced review copy of The Phoenix Project. Fair warning: the first half of this book brought back nails-on-a-chalkboard type memories of dealing with large-scale audits and everything that comes with it...

Identity Thieves Take a Bite Out of Apple

January 15, 2013 Added by:Kelly Colgan

Scammers are taking advantage of a product financing offer that presents identity thieves with the opportunity to fraudulently obtain instant credit approval to make online purchases. The crime is simple to carry out. All scammers need are the basic types of information commonly exposed in data breaches...
