Compliance

E85787adcaf7bca10e799cfd1cfd08f1

Compliance Combines with Vulnerability Scanning to Create Aegify

December 10, 2012 Added by:Michelle Drolet

Two security firms, the established Rapid7 vulnerability manager and eGestalt, a cloud-based compliance management provider, have signed an OEM deal that will do something for the IT security industry that hasn’t been done before: a combination security and compliance posture management...

Comments  (1)

3071bd3c5c013c8c3defcccad0259c16

If you are not serious enough about your security don’t expect your IT service provider to care

December 10, 2012 Added by:Hani Banayoti

Another year coming to a close and I am full of hope for new thinking on security for the road ahead. One particular aspect in our profession that I would like to see change in the very near future is the typical approach to incorporating security in contracts with IT Service Providers...

Comments  (0)

Ff632049ba1218ecd55b8122b2112642

Risky Business

December 03, 2012 Added by:Randall Frietzsche

In the broad spectrum of activities which might be called Information Security, we must always first and foremost implement, execute and follow through with risk management. Risk management is the backbone or foundation of any good information security program...

Comments  (0)

145dfdfe39f987b240313956a81652d1

Pen Test vs. Vulnerability Scan: You know the difference, but do they?

November 28, 2012 Added by:Stacey Holleran

Small business owners often don't have someone who is versed in network security. So when they are told they need a “network penetration test” to comply with PCI DSS, many will contact the growing number of companies offering inexpensive testing services...

Comments  (5)

59d9b46aa00c70238bb89056cfeb96c0

Beacon Events Compliance Conference in Beijing – I Wish I Could Be There

November 27, 2012 Added by:Thomas Fox

If you have not had the opportunity to attend a compliance-related conference tailored to the challenges of working in the Far East this would be the one for you. Even if you have attended such an event, this conference focuses on China and will give you insight into how to do business...

Comments  (0)

D03c28fd5a80c394905c980ee1ecdc88

E-mailing Passwords - Practice What You Preach

November 19, 2012 Added by:Bill Mathews

That’s right, I got an email with my username and password listed right there. That probably doesn’t anger normal people (let alone drive them to write an article about it), but I have never been accused of being normal so I’m pretty annoyed. Here, in no particular order, are my reasons for the anger and frustration...

Comments  (6)

5029f8f9d65d988cb378fc0290f86cc4

Panalpina’s “World Wide Web”

November 12, 2012 Added by:Mary Shaddock Jones

Companies can be held liable for the acts of third parties acting on their behalf. The use of the contracting strategies will clearly communicate to the Agent and/ or Partner the seriousness of your company’s commitment to abiding by the law and spirit of the FCPA and similar anti-corruption laws and regulations...

Comments  (0)

F66c1a87a8db2cb584b4e06e93a84ce3

Why traditional approaches for securing Industrial Control Systems Fail

November 09, 2012 Added by:Mikko Jakonen

Criminals or 'adversaries' do not care about your papers. Period. Only a skilled set of controls, wisdom, and discipline in management secures the environment. Attackers will utilize every means to gain access your beloved environment...

Comments  (2)

959779642e6e758563e80b5d83150a9f

Buzzword Compliance Not Enough: Must Haves for Meaningful Use

November 08, 2012 Added by:Danny Lieberman

Many technology vendors tout the idea of self management, and the advantages of mobile healthcare apps, virtual visits, tablets and e-detailing but in fact, a face-to-face relationship with a doctor is more powerful than a digital relationship alone. We don’t need Sherry Turkle to tell us that...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

The Amazon Cloud And PCI Compliance

November 07, 2012 Added by:PCI Guru

The first part of the mythology revolves around what PCI compliant services Amazon Web Services (AWS) is actually providing. According to AWS’s Attestation Of Compliance, AWS is a Hosting Provider for Web and Hardware. The AOC calls out that the following services have been assessed PCI compliant...

Comments  (1)

59d9b46aa00c70238bb89056cfeb96c0

Creation, Implementation and Administration of a Hotline

October 29, 2012 Added by:Thomas Fox

I recently saw a White Paper released through Compliance Week, where an un-named author posited that there are seven essential features to create an effective hotline. I found this article to be useful for a compliance practitioner to quickly review how his or her company might set up a hotline...

Comments  (0)

0356a83ecb15c8e33b00560d7bebe47f

Using ISO 27005: Where Does a Risk Taxonomy Fit?

October 23, 2012 Added by:Stephen Marchewitz

Whether you start from top-down management or are looking for bottom-up results, having a quantifiable approach to security risk management that aligns with a known standard such as ISO will put you in a better position than you are today...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Enterprise Resilience: Healthcare Edition (Part 1: Challenges)

October 21, 2012 Added by:Rafal Los

Organizations that make up the small to medium enterprise market are finding themselves in trouble as they are appearing on a lot of radar screens for attack, yet can't seem to find the resources they need to defend themselves adequately. Lots of challenges present around that point, to start off with...

Comments  (0)

959779642e6e758563e80b5d83150a9f

Using brainware to store patient data and ensure patient privacy

October 16, 2012 Added by:Danny Lieberman

If pharmaceutical companies can access data from patients, then they can design and manufacture better products. This is good for patient health but problematic for current regulation of patient privacy. There is no such thing as patient privacy once big commercial ventures like large pharmas get involved...

Comments  (0)

59d9b46aa00c70238bb89056cfeb96c0

James Bond at 50 – A Compliance Conversation in English and American

October 15, 2012 Added by:Thomas Fox

Maybe it’s just the difference in the two cultures; in the UK, they are trying figure out how and why compliance failures occurred and change the compliance culture so they can obey the law. In the US, businesses want to change the law so the conduct companies engage in will no longer violate the law...

Comments  (0)

F66c1a87a8db2cb584b4e06e93a84ce3

Online Banking: A Trust Opportunity to (Re)gain?

October 09, 2012 Added by:Mikko Jakonen

How come banks are telling people to maintain their security better, without putting their OWN reputation and capabilities in line with the DIRECT consequences of the change paradigm towards ‘webalized’ approach we have witnessed for years, has now resulted as poor operational security...

Comments  (0)

Page « < 5 - 6 - 7 - 8 - 9 > »