August 23, 2012 Added by:Thomas Fox
Unlike the insurance industry, which helps companies manage risks through financial instruments, risk management attempts to avoid or at least control risk. The next time you hear the mindless prattle of “but we’ve always done it that way”, get some ideas on how to change your company’s compliance culture...
August 22, 2012 Added by:Tripwire Inc
This typical reaction I get in the US is many organizations see compliance as a “tax” and try to get away with doing the bare minimum. How do you and your organizations view compliance? Do you see it as a four-letter word, a nuisance, or as a step along the path to more effective security?
August 20, 2012 Added by:Danny Lieberman
EHR interconnected with HIE systems have a big threat surface, because of big, very complex software systems with a large number of attacker entry points. Healthcare system vulnerabilities are compounded since everyone is using the same technology from Microsoft and following the same HIPAA compliance checklists...
August 16, 2012 Added by:Brian Dean
The bottom line: Hacking is lucrative and can be executed from nearly anywhere in the world. Security professionals should be providing risk assessment results annually to executive management. Of course, providing a list of vulnerabilities is probably career limiting. This is the balancing act we must perform...
August 16, 2012 Added by:Thomas Fox
As Chinese companies engage with partners, globally and locally, their internal and external business practices are evolving. The article “The Myths of Gift Giving” found that many Chinese companies now put greater emphasis on professionalism and building trust and confidence in business capabilities...
August 13, 2012 Added by:Ben Rothke
Amazon is a prime feeding ground for the virtual-plagiarist given that Amazon makes a profit off everything sold, and they have no incentive to stop such practices as it would affect their profitability. Amazon takes a kid-gloves approach to plagiarism. That is all the more true for virtual-plagiarized text...
August 09, 2012 Added by:PCI Guru
The PA-DSS has a procedure that the PA-QSA can follow to determine that version changes have not affected cardholder data processing and the application’s PA-DSS validation. Without that validation, as a QSA, our hands are tied and we must conduct a full assessment of the application under the PCI DSS...
August 08, 2012 Added by:Thomas Fox
This is not the problem where the legal department or compliance department is viewed as the Land of No, inhabited by only Dr. No. It is, instead, the perception that legal or compliance simply institutes requirements without even talking to the people they affect the most, the business unit employees...
July 25, 2012 Added by:Thomas Fox
As the compliance field evolves, the need for experienced professionals continues to grow, there is the need to hire top notch compliance talent to do the day-to-day work of implementing, enhancing or running a compliance program. Where can you go if you want to hire some experienced compliance professionals?
July 19, 2012 Added by:David Navetta
Specifically, in the latest report, among other issues, the NLRB thoroughly discusses prohibitions on disclosing confidential and proprietary information, posting photographs and other content that depicts other people, and requiring reporting of policy violations. Here are some important take-aways...
July 18, 2012 Added by:Thomas Fox
Compliance is ar form of risk you can measure, evaluate and then manage. If the risk becomes too great, that may create an unacceptable level which your company will not tolerate. One of your key roles of a compliance practitioner is to reduce the level of risk which your company cannot or will not tolerate...
July 09, 2012 Added by:Thomas Fox
The DOJ recently announced the resolution of a compliance matter involving violations by Data Systems & Solutions LLC. In reading the Criminal Information, this was no one-off or rogue employee situation, this was a clear, sustained and well known scheme that went on within the company...
July 02, 2012 Added by:Headlines
The U.S. Attorney’s Office filed a criminal complaint against FalconStor Software, a data storage and protection company, alleging that the company conspired to pay more than $300,000 in bribes to executives of J.P. Morgan Chase Bank to obtain over $12 million in electronic storage licencing contracts...
July 01, 2012 Added by:Stacey Holleran
Small technology companies are finding themselves in a unique business situation as prospective clients increasingly request software applications and hosting solutions that can accommodate secure mobile payment transactions, bringing these technology companies to the forefront as “merchant service providers”...
June 28, 2012 Added by:PCI Guru
In a call center environment where operators are taking orders over the phone and accepting credit/debit cards for payment, until the card transaction is either approved or declined, we are talking pre-authorization data. Only cardholder data after authorization or decline is covered by the PCI DSS...
June 25, 2012 Added by:Thomas Fox
New York Times reporter Adam Bryant recently profiled Angie Hicks, one of the co-founders of Angie’s List, who has some interesting observations on leadership that I found applicable to creating a functional compliance effort within an organization, from compliance professionals to ethical leadership...
Mass Disclosure of Vulnerabilities in SAP... john niko on 12-09-2013
Join Trend Micro & SecurityWeek in Belle... Shah Alam on 12-06-2013
Looking Beyond "Black Box Testing"... Paul Reed on 12-03-2013