Compliance

59d9b46aa00c70238bb89056cfeb96c0

Compliance and Company Values from the Ground Up

September 17, 2012 Added by:Thomas Fox

For the compliance practitioner sometimes the biggest challenge is not only to get senior management but the troops in the trenches to embrace compliance. Cathy Choi's story is a powerful lesson of one way to get those troops to buy into what the compliance department is selling...

Comments  (0)

59d9b46aa00c70238bb89056cfeb96c0

Internally Funding Your Compliance Program

September 11, 2012 Added by:Thomas Fox

Big banks are not doing too well these days in the compliance arena. From money-laundering operations for drug cartels to trading losses, big banks seem to be more in the news these days for compliance failures rather than successes...

Comments  (0)

59d9b46aa00c70238bb89056cfeb96c0

Leadership in the Compliance Department

September 05, 2012 Added by:Thomas Fox

While a leader can provide some insights based on experience, and perhaps give a different view, the employee who brought up the compliance issue will probably be more intimately involved with it. The employee may have thought through a resolution to the potential issue as well...

Comments  (0)

37d5f81e2277051bc17116221040d51c

Banks Should Promote EMV

September 04, 2012 Added by:Robert Siciliano

“EMV transactions require an authentic card validated either online by the issuer using a dynamic cryptogram or offline with the terminal... EMV transactions also create unique transaction data, so that any captured data cannot be used to execute new transactions...”

Comments  (0)

01ceb9281b3fb3dbb90c3efbe327717e

eVoting Gets Real

September 03, 2012 Added by:Alan Woodward

Having written about the characteristics of reliable e-voting systems in Scientific American recently it is interesting to see that officials are now working hard to implement it.

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

Pre-Authorization Data: The Definitive Answer

September 03, 2012 Added by:PCI Guru

Just to be clear, I have never argued that pre-authorization data was not to be secured with the same diligence as post-authorization data. I just could not find anything in the PCI DSS that explicitly called out the coverage of pre-authorization data.

Comments  (0)

959779642e6e758563e80b5d83150a9f

Ultimate Breach of Patient Privacy: Real-Time Death on Video

August 29, 2012 Added by:Danny Lieberman

As social media becomes part of the continuum of interaction in the physical and virtual worlds, privacy becomes an issue of discretionary disclosure control. Online privacy and patient privacy will evolve into a market for products and services with stratified pricing, packaging and product positioning...

Comments  (1)

59d9b46aa00c70238bb89056cfeb96c0

How Do You Change an Unhealthy Compliance Culture?

August 29, 2012 Added by:Thomas Fox

The best way to effect culture “is to combine strong leadership with the existing internal elements of a healthy corporate culture... while it may take as long to create a good culture as it does to establish a good reputation, a strong set of values is usually harder to destroy unless the company is itself dismantled..."

Comments  (0)

59d9b46aa00c70238bb89056cfeb96c0

How Do You Change to a Culture of Compliance?

August 23, 2012 Added by:Thomas Fox

Unlike the insurance industry, which helps companies manage risks through financial instruments, risk management attempts to avoid or at least control risk. The next time you hear the mindless prattle of “but we’ve always done it that way”, get some ideas on how to change your company’s compliance culture...

Comments  (0)

Bd07d58f0d31d48d3764821d109bf165

Compliance is Not Always a Four-Letter Word

August 22, 2012 Added by:Tripwire Inc

This typical reaction I get in the US is many organizations see compliance as a “tax” and try to get away with doing the bare minimum. How do you and your organizations view compliance? Do you see it as a four-letter word, a nuisance, or as a step along the path to more effective security?

Comments  (0)

959779642e6e758563e80b5d83150a9f

Network Exposure and Healthcare Privacy Breaches

August 20, 2012 Added by:Danny Lieberman

EHR interconnected with HIE systems have a big threat surface, because of big, very complex software systems with a large number of attacker entry points. Healthcare system vulnerabilities are compounded since everyone is using the same technology from Microsoft and following the same HIPAA compliance checklists...

Comments  (0)

Ebbcdce0dfc85abf519d8b44a017f687

How Security Professionals Can Better Protect Against Data Breaches

August 16, 2012 Added by:Brian Dean

The bottom line: Hacking is lucrative and can be executed from nearly anywhere in the world. Security professionals should be providing risk assessment results annually to executive management. Of course, providing a list of vulnerabilities is probably career limiting. This is the balancing act we must perform...

Comments  (2)

59d9b46aa00c70238bb89056cfeb96c0

Lessons in the Evolution of Compliance in China

August 16, 2012 Added by:Thomas Fox

As Chinese companies engage with partners, globally and locally, their internal and external business practices are evolving. The article “The Myths of Gift Giving” found that many Chinese companies now put greater emphasis on professionalism and building trust and confidence in business capabilities...

Comments  (0)

3e35900ae6facc6c146a85c435c71d82

The Rise of the Virtual-Plagiarist

August 13, 2012 Added by:Ben Rothke

Amazon is a prime feeding ground for the virtual-plagiarist given that Amazon makes a profit off everything sold, and they have no incentive to stop such practices as it would affect their profitability. Amazon takes a kid-gloves approach to plagiarism. That is all the more true for virtual-plagiarized text...

Comments  (3)

Fc152e73692bc3c934d248f639d9e963

PA-DSS Validation Clarification

August 09, 2012 Added by:PCI Guru

The PA-DSS has a procedure that the PA-QSA can follow to determine that version changes have not affected cardholder data processing and the application’s PA-DSS validation. Without that validation, as a QSA, our hands are tied and we must conduct a full assessment of the application under the PCI DSS...

Comments  (0)

59d9b46aa00c70238bb89056cfeb96c0

Silly Putty and Compliance: Remember It’s Not Always About You

August 08, 2012 Added by:Thomas Fox

This is not the problem where the legal department or compliance department is viewed as the Land of No, inhabited by only Dr. No. It is, instead, the perception that legal or compliance simply institutes requirements without even talking to the people they affect the most, the business unit employees...

Comments  (1)

Page « < 5 - 6 - 7 - 8 - 9 > »