Items Tagged with "Compliance"
Using ISO 27005: Where Does a Risk Taxonomy Fit?
October 23, 2012 Added by:Stephen Marchewitz
Whether you start from top-down management or are looking for bottom-up results, having a quantifiable approach to security risk management that aligns with a known standard such as ISO will put you in a better position than you are today...
Comments (0)
James Bond at 50 – A Compliance Conversation in English and American
October 15, 2012 Added by:Thomas Fox
Maybe it’s just the difference in the two cultures; in the UK, they are trying figure out how and why compliance failures occurred and change the compliance culture so they can obey the law. In the US, businesses want to change the law so the conduct companies engage in will no longer violate the law...
Comments (0)
Auditing Healthcare IT Security with Multiple Threat Scenarios
October 10, 2012 Added by:Danny Lieberman
For small to mid-size hospitals, nursing homes, medical device, healthcare IT vendors will have a much simpler audit and will be primarily interested in how cheaply the audit can be done and how much they can save using the technique of multiple threat analysis...
Comments (0)
CEO Hubris and Compliance Catastrophes
October 08, 2012 Added by:Thomas Fox
Even in this age of documenting, checking, measuring, stress testing and reassessing every conceivable type of risk, what is the one which is never tested? She believes that the answer is “the chief executive gets so high on power that he or she losses the plot...”
Comments (0)
Mobile Security: Tips for Using Personal Devices at Work
October 08, 2012 Added by:Robert Siciliano
If you as an employee of a hospital use your personal device at work and also use it outside of work and it gets lost or stolen, then YES, you and the hospital would be in a great deal of hot water in the event that mobile device was lost...
Comments (1)
Revenge of the NERCs?
October 04, 2012 Added by:Tripwire Inc
Ultimately this is critical stuff. If we don’t want to find ourselves wandering the wastelands searching for food and water fighting off marauding bands of marauders (is that redundant?) its important for these ninjas to get it right and keep the pirates at bay...
Comments (0)
Navigating Social Media Legal Risks: Safeguarding Your Business
October 03, 2012 Added by:Ben Rothke
Social media makes it easy for organizations to find and retain customers and increase sales, amongst many other benefits. At the same time, it can expose an organization to significant and highly-expensive legal risks and issues, and find themselves at the receiving end of a subpoena...
Comments (0)
Revising Your Code of Conduct: Don’t Wait
September 30, 2012 Added by:Thomas Fox
The backbone of the revision process is how your company captures, collaborates and preserves “all of the comments, notes, edits and decisions during the entire project," and you should assess “the best application to launch your Code and whether it includes a certification process..."
Comments (0)
CFAA Does Not Bar Misappropriation when Employee Authorized
September 27, 2012 Added by:David Navetta
The CFAA only permits claims for accessing a protected computer “without authorization” and “exceeds authorized access” “only when an individual accesses a computer without permission or obtains or alters information on a computer beyond that which he is authorized to access...”
Comments (0)
The Face of Battle: Sir John Keegan and the Individual in Compliance
September 26, 2012 Added by:Thomas Fox
Compliance violation perpetrators will often grow the fraud in magnitude, sometimes increasing the number of participants. They will rarely cease on their own accord. This fits into Sir John’s analysis of the everyman of battle: What they did and how they did it...
Comments (0)
Third Party Service Providers and PCI Compliance
September 25, 2012 Added by:PCI Guru
If a third party is providing your organization a service that has access to your cardholder data environment (CDE) or the third party could come into contact you’re your cardholder data (CHD), then that third party must ensure that the service complies with all relevant PCI requirements...
Comments (3)
Friends and Family Breach Patient Privacy, Not Estonian Hackers
September 17, 2012 Added by:Danny Lieberman
Humans being are naturally curious, sometimes vindictive and always worried when it comes to the health condition of friends and family. Being human, they will bend rules to get information and in the course of bending rules, breach patient privacy...
Comments (0)
Compliance and Company Values from the Ground Up
September 17, 2012 Added by:Thomas Fox
For the compliance practitioner sometimes the biggest challenge is not only to get senior management but the troops in the trenches to embrace compliance. Cathy Choi's story is a powerful lesson of one way to get those troops to buy into what the compliance department is selling...
Comments (0)
Seven Tips to Improve Patch Management
September 12, 2012 Added by:Dan Dieterle
The amount of time many companies spend on patching, the problems they have deploying patches, the perception that patching causes problems, and a general lack of understanding about what it takes to patch, all combine to make patching such a major issue...
Comments (0)
Internally Funding Your Compliance Program
September 11, 2012 Added by:Thomas Fox
Big banks are not doing too well these days in the compliance arena. From money-laundering operations for drug cartels to trading losses, big banks seem to be more in the news these days for compliance failures rather than successes...
Comments (0)
Maine Supreme Court Affirms Smart Meter Opt-Out Program
September 09, 2012 Added by:David Navetta
Maine has been one of the most aggressive states to pursue widespread implementation of smart utility meters for customers throughout the state, but not all utility customers have embraced smart meters despite consumers concerns over privacy issues...