January 27, 2014 Added by:Robb Reck
There is a natural tendency to lump security and compliance together. Intuitively it just makes sense right? The biggest compliance frameworks like PCI, GLBA, SOX and HIPAA are all looking to ensure that our security is up to snuff. In fact, if we do security right, compliance should come naturally, with very little additional technical work.
January 21, 2014 Added by:Anthony M. Freed
The House of Representatives Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies has passed a bill to bolster provisions to protect the nation’s critical infrastructure, moving it one step closure to full consideration.
January 21, 2014 Added by:Thomas Fox
Compliance leadership can take many forms and inspiration can come from many different sources.
January 16, 2014 Added by:john melvin
We have no way of knowing right now what the causes of the recent Target and Neiman-Marcus data breaches are. It just raises the same questions of: does compliance with PCI standards mean that everything is secure against attacks? If an application is compliant, is that enough? It doesn’t seem to be clear whether or not a company can completely “pass the buck” to the developers and maintaine...
January 06, 2014 Added by:Rohit Sethi
The NIST Cyber Security Framework completely lacks any mention of application security. We predict that organizations will likewise adopt the framework with scant attention paid to secure software, which will lull them into a false sense of security.
November 12, 2013 Added by:Jason Clark
Security Advisor Alliance is a nonprofit group of Top security leaders from the Global 1000 who have come together to donate time each week to help our peers in any area of security as a pro-bono service.
November 04, 2013 Added by:Simon Moffatt
The modern enterprise workforce, will contain contractors, freelancer and even consumers themselves. Bloggers, reviewers, supporters, promoters, content sharers and affiliates, whilst not on the company payroll, help drive revenue through messaging and interaction. If a platform exists where their identity can be harnessed, a new more agile go to market approach can be developed.
October 16, 2013 Added by:Hani Banayoti
Consider encryption at rest but make informed decisions about its value and protection afforded.
October 02, 2013 Added by:Stephen Marchewitz
A brief understanding of the process, time and overall cost of a Card Holder Data. All information contained in this article is for the purposes of awareness and education. If you have experienced a breach, contact a PFI company immediately.
August 21, 2013 Added by:Rohit Sethi
Determining which system components fall under PCI compliance can often be problematic for many companies. When it comes to PCI DSS (Payment Card Industry Data Security Standards) compliance assessments, scoping tends to become a major challenge.
July 29, 2013 Added by:Vince Schiavone
Corporations looking to proactively protect the business against growing enterprise social risks are engaging advanced, strategic solutions to unveil and track a wide array of social threats. This delivers strategic intelligence for proactive response to effectively mitigate these threats, often before they explode into all out crises.
July 04, 2013 Added by:Jon Long
Recently I have had opportunities to observe several auditors defend why they believe the controls contained in their client's SSAE 16 reports are relevant to internal controls over financial reporting (ICFR).
July 03, 2013 Added by:Phil Cox
On January 25, 2013, the U.S. Department of Health and Human Services (HHS) released the Omnibus Rule, which finalized all the former interim rules for Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) compliance.
Wireless Home Technologies Create Security R... Bill Phillips on 12-19-2014
Mobile Security Processes Could Be Applied t... Lukas Ho on 12-19-2014
Update 3: Hackers May Leak Norton Antivirus ... Prabhas Raju on 12-19-2014