Compliance

Fc152e73692bc3c934d248f639d9e963

Call Centers and PCI Compliance

June 28, 2012 Added by:PCI Guru

In a call center environment where operators are taking orders over the phone and accepting credit/debit cards for payment, until the card transaction is either approved or declined, we are talking pre-authorization data. Only cardholder data after authorization or decline is covered by the PCI DSS...

Comments  (2)

59d9b46aa00c70238bb89056cfeb96c0

Breaking the Enigma Code: Creating a Functioning Compliance Culture

June 25, 2012 Added by:Thomas Fox

New York Times reporter Adam Bryant recently profiled Angie Hicks, one of the co-founders of Angie’s List, who has some interesting observations on leadership that I found applicable to creating a functional compliance effort within an organization, from compliance professionals to ethical leadership...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Control Systems Company Resolves Criminal Violations

June 25, 2012 Added by:Headlines

Data Systems & Solutions LLC, a company based in Reston, Virginia, that provides design, installation, maintenance, and other services at nuclear and fossil fuel power plants, has agreed to pay an $8.82 million criminal penalty to resolve FCPA compliance violations...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

More on PCI Scoping

June 22, 2012 Added by:PCI Guru

“At least annually and prior to the annual assessment, the assessed entity should confirm the accuracy of their PCI DSS scope by identifying all locations and flows of cardholder data and ensuring they are included in the PCI DSS scope"...

Comments  (1)

59d9b46aa00c70238bb89056cfeb96c0

Bill Gates, the Perfect Game and Your Compliance Program

June 17, 2012 Added by:Thomas Fox

Collins has been looking at corporations for over 25 years to unlock the mystery of what makes a great company tick and discusses twelve questions that leaders must grapple with if they truly want to excel. This list is a good summary of questions that you can and should be posing to your compliance team...

Comments  (0)

99edc1997453f90eb5ac1430fd9a7c61

PCI DSS and Compliance: Just a Tick Box Exercise?

June 13, 2012

According to Neira Jones, Head of Payment Security at Barclaycard, compliance should be a natural byproduct of good risk management and information security practice...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

The Failure Of PCI?

June 13, 2012 Added by:PCI Guru

The biggest problem with PCI DSS standards comes down to the fact that humans are averse to being measured or assessed. Why? It makes people responsible and accountable for what they do, and few people want that sort of accountability – we all much prefer wiggle room in how our jobs are assessed...

Comments  (1)

59d9b46aa00c70238bb89056cfeb96c0

Pink Floyd’s "The Wall" and Compliance

June 12, 2012 Added by:Thomas Fox

Compliance: One of the most important things is that sometimes you just hit a brick wall. You can carefully plan a strategy, implement the planned strategy and then measure the results, but it can still fall completely flat. In other words, you hit the proverbial wall...

Comments  (0)

37d5f81e2277051bc17116221040d51c

POS Skimming: Bad News for Banks and Merchants

June 12, 2012 Added by:Robert Siciliano

EFTPOS skimming — which stands for “electronic funds transfers at the point of sale” — involves either replacing the self-swipe point of sale terminals at cash registers with devices that record credit and debit card data, or remotely hacking a retailer’s POS server...

Comments  (0)

5556cc7a08173e4db1ee0687e015df68

We Hope SOC 2 Fails...

June 11, 2012

SOC 2 has the potential to unify the risk assurance industry by consolidating multiple audits, standards, and compliance requirements under one umbrella engagement. However, if the market is allowed to define anything as internal controls over financial reporting (ICFR), SOC 2 is destined to fail...

Comments  (0)

959779642e6e758563e80b5d83150a9f

Can You Use Dropbox for Storing Healthcare Data?

June 11, 2012 Added by:Danny Lieberman

The short answer is that you should not store PHI (protected health information) on Dropbox since they share data with third party applications and service providers - but the real reason is you should not use Dropbox for sharing information with patients is simply that it is not private by design...

Comments  (0)

Ad5130e786d13531cc0f2cde32dacd0f

PCI’s Money Making Cash Cow Not So Good for the Industry

June 07, 2012 Added by:Andrew Weidenhamer

The level of scrutiny the PCI DSS has been subject to the last couple of years has been bad enough to accentuate it with the advent of the ISA program. The false sense of confidence the ISA program gives individuals is insanely bad for the industry. Like any other certification, the test isn’t difficult..

Comments  (1)

959779642e6e758563e80b5d83150a9f

How to Keep Healthcare Secrets Online

June 06, 2012 Added by:Danny Lieberman

When we share medical information with our healthcare provider, we trust their information security as being strong enough to protect our medical information from a data breach. Certainly – as consumers of healthcare services, it’s impossible for us to audit the effectiveness of their security portfolio...

Comments  (0)

59d9b46aa00c70238bb89056cfeb96c0

How the DOJ Looks at Compliance Programs Part 2

May 31, 2012 Added by:Thomas Fox

The ABA Primer notes that an effective compliance program consists of documentation that an organization “exercise[s] due diligence to prevent and detect criminal conduct; and otherwise promote[s] an organizational culture that encourages ethical conduct and a commitment to compliance with the law”...

Comments  (0)

A7290c5bd7bc2aaa7ea2b6c957ef639b

FTC MySpace Settlement: Say What You Do and Do What You Say

May 30, 2012 Added by:David Navetta

The settlement bars MySpace from making future misrepresentations regarding the extent to which it protects users’ personal information, requires it to implement a comprehensive privacy program and requires it to undergo biennial, independent, third party privacy assessments for the next 20 years...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

NIST Workshop: Safeguarding Health Information

May 30, 2012 Added by:Infosec Island Admin

The HIPAA Security Rule sets federal standards to protect the confidentiality, integrity and availability of electronic protected health information by requiring HIPAA covered entities and their business associates to implement and maintain administrative, physical and technical safeguards...

Comments  (0)

Page « < 5 - 6 - 7 - 8 - 9 > »