HIPAA

Ebe141392ea3ebf96ba918c780ea1ebe

Depends

December 11, 2014 Added by:Wendy Nather

I've always had a problem with compliance, for a very simple reason: compliance is generally a binary state, whereas the real world is not. Nobody wants to hear that you're a "little bit compliant," and yet that's what most of us are.

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

Significant Change And Periodic

December 09, 2014 Added by:PCI Guru

No words or phrases in the PCI standards elicit more comments and questions than “significant change”, “periodic” and “periodically”.

Comments  (0)

6a71825dbf6d876764b845e0fd664e0b

Security in 2015: The Internet Becomes the Corporate Network Perimeter

December 05, 2014 Added by:Paul Lipman

The cloud has been widely hailed as the most disruptive force in modern business. Indeed, the world is in the midst of fundamentally profound transformations, enabled by the cloud, in the ways in which we access and interact with data and applications. Unfortunately, the security industry has not kept pace with these transformational trends, necessitating an equally profound change in the way we s...

Comments  (0)

D36d0936f0c839be7bf2b20d59eaa76d

Phones, Phablets and Clouds - Securing Today’s New Infrastructure

December 03, 2014 Added by:Steve Durbin

Despite the undeniable corporate and consumer interest, the security and privacy implications of cloud and mobile connected devices are concerning many security professionals. Countless organizations are still playing catch up – Bring Your Own Device (BYOD) polices are only starting to be embedded, reviewed and updated. IT departments are overwhelmed with the amount of devices entering the workp...

Comments  (1)

Fc152e73692bc3c934d248f639d9e963

Face It, You Are A Poor Judge Of Risk

November 24, 2014 Added by:PCI Guru

I bring this up because the PCI DSS is heading more and more to be driven by risk and the assessment of that risk.

Comments  (5)

Fc152e73692bc3c934d248f639d9e963

Security or Checking a Box?

November 20, 2014 Added by:PCI Guru

What is your organization interested in? Security or checking a box? Not surprisingly, most people answer “security” and then go on to prove with their actions and words that they are only interested in checking a box.

Comments  (1)

E313765e3bec84b2852c1c758f7244b6

Compliance-Based Infosec Vs Threat-Based Infosec

October 29, 2014 Added by:Brent Huston

Compliance-based infosec, when implemented correctly, is really the best kind of defense there is. The problem is, the only place I’ve ever seen it really done right is in the military.

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

Lawyer Or Security Professional?

October 13, 2014 Added by:PCI Guru

It has been an interesting time as the December 31, 2014 deadline approaches and version 2 of the PCI DSS comes to its end of life. I have started to notice that there are a lot of security professionals and others that are closet lawyers based on the discussions I have had with some of you regarding compliance with the PCI DSS.

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

Do Not Jump To Conclusions

October 08, 2014 Added by:PCI Guru

The take away from this post is to think through the implications of the Council’s directives before you go off advising organizations that certain technologies are not PCI compliant

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

Interested In Business As Usual?

October 01, 2014 Added by:PCI Guru

Organizations are finally realizing that the only way they are ever going to feel secure is to embed security controls in their everyday business processes and make sure that they periodically assess that those controls are working.

Comments  (0)

Bd07d58f0d31d48d3764821d109bf165

Goodwill Payment Vendor Breached for 18 months Undetected – Are You Surprised?

September 24, 2014 Added by:Tripwire Inc

You may find this surprising… 18 months is a year and a half of attackers wandering around, looting sensitive data while remaining undetected.

Comments  (0)

Default-avatar

Parallels Among the Three Most Notorious POS Malware Attacking U.S. Retailers

September 22, 2014 Added by:Cyphort

After the first major success of POS malware breaching Target Corporation in November 2013 occurred, the number of POS device infections in the wild skyrocketed.

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

How Many Auditors Does It Take …

September 18, 2014 Added by:PCI Guru

The title of this post sounds like the start of one of those bad jokes involving the changing of light bulbs. But this is a serious issue for all organizations because, in today’s regulatory environment, it can be a free for all of audit after audit after assessment after assessment.

Comments  (1)

E11e506024f5d2b70f037b9af4734f33

French ANSSI key measures to improve the cybersecurity of ICS

September 08, 2014 Added by:Stefano Mele

Since February 2013, industrial stakeholders (final users, vendors, integrators, professional organizations, etc.) and French governmental entities have been working together as part of a working group, lead by ANSSI, which aims at elaborating concrete and practical proposals to improve the cybersecurity of critical infrastructures.

Comments  (0)

Bd07d58f0d31d48d3764821d109bf165

Backoff PoS Malware: Are You Infected and Don't Know It?

August 27, 2014 Added by:Tripwire Inc

According to the Secret Service, Backoff malware has affected an additional 1,000 businesses, hit by the same type of cyberattack that stole the personal information of millions of Target customers last year. “

Comments  (0)

65be44ae7088566069cc3bef454174a7

Avoid this Common Privacy Choice Mistake

August 26, 2014 Added by:Rebecca Herold

Many marketing professionals have a common temptation; they want to send as many marketing messages to as many people as possible, and they would love to send it to all folks who have ever been customers or clients of their business, and often times actually want to simply send to everyone whose email address they can obtain in any way.

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »