February 25, 2014 Added by:David Navetta
Payment card breaches are not 100% preventable, and for most merchants over time, are inevitable...As such, rather than focus solely on cumbersome security standards such as PCI-DSS, payment card breaches should be viewed more from an overall risk management perspective.
February 24, 2014 Added by:Joe Weiss
The recently issued NIST Framework on CIP is a good basic top level document. It directly addresses ICS which is a great step forward and I am very happy to see IEC (ISA)-62443 liberally addressed. I believe the shortcoming is the lack of any actual requirements.
February 05, 2014 Added by:Thomas Fox
In honor of The Movie Channel’s annual 28 days of Oscar, the upcoming Academy Awards and inspired by Jay Rosen’s prior career and the FCPA Professor’s hypothetical discussion between a Chief Compliance Officer (CCO) and his Chief Executive Officer (CEO) last week...I thought I might write about 'Compliance Defense- The Movie.'
February 04, 2014 Added by:David Navetta
While the outcome of this lawsuit is uncertain, breach notification practitioners and companies that handle California personal information should keep an eye on this case and any rulings that come out of it.
February 04, 2014 Added by:Joe Weiss
This risk is certainly more probable than once in a million years which is the minimum criteria for the safety analysis to address specific threats.
February 04, 2014 Added by:Anthony M. Freed
U.S. intelligence agencies warned the Department of Health and Human Services that Healthcare.gov may have been compromised by contractors from Belarus who worked on developing code for the network and who are suspected of inserting malicious code.
January 27, 2014 Added by:Robb Reck
There is a natural tendency to lump security and compliance together. Intuitively it just makes sense, right? The biggest compliance frameworks like PCI, GLBA, SOX and HIPAA are all looking to ensure that our security is up to snuff. In fact, if we do security right, compliance should come naturally, with very little additional technical work.
January 21, 2014 Added by:Anthony M. Freed
The House of Representatives Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies has passed a bill to bolster provisions to protect the nation’s critical infrastructure, moving it one step closer to full consideration.
January 21, 2014 Added by:Thomas Fox
Compliance leadership can take many forms and inspiration can come from many different sources.
November 12, 2013 Added by:Jason Clark
Security Advisor Alliance is a nonprofit group of top security leaders from the Global 1000 who have come together to donate time each week to help our peers in any area of security as a pro-bono service.
July 04, 2013 Added by:Jon Long
Recently I have had opportunities to observe several auditors defend why they believe the controls contained in their client's SSAE 16 reports are relevant to internal controls over financial reporting (ICFR).
July 03, 2013 Added by:Phil Cox
On January 25, 2013, the U.S. Department of Health and Human Services (HHS) released the Omnibus Rule, which finalized all the former interim rules for Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) compliance.