Items Tagged with "Compliance"
ISO 27001 - BS 25999-2 Certification Process
December 01, 2010 Added by: Dejan Kosutic
This free 45-minute webinar training session is designed for organizations that plan to get certified against ISO 27001 or BS 25999-2 for the first time. This session will explain the process of certification as well as how to make the certification successful...
Comments (0)
Random Highlights From PCI DSS 2.0
December 01, 2010 Added by: Anton Chuvakin
Use of a PA-DSS compliant application by itself does not make an entity PCI DSS compliant, since that application must be implemented into a PCI DSS compliant environment and according to the PA-DSS Implementation Guide – this is useful for... ahem... reminding merchants about it...
Comments (1)
WikiLeaks' Next Dump May Alter Enterprise Security Forever
November 30, 2010 Added by: Anthony M. Freed
If the recent classified data disclosures by whistleblower organization WikiLeaks can be said to have governments in a scramble, then it would be fair to say that the pending release of confidential records from private enterprises should have executives and shareholders in a serious pucker...
Comments (6)
How To Risk-Base Supply Chain Vendors Under FCPA
November 25, 2010 Added by: Thomas Fox
The Supply Chain probably does not command your Compliance Department's attention as do other types of third party business partners. This may be coming to an end as most Compliance Professionals recognize that third parties which supply goods or services to a company should be scrutinized...
Comments (1)
BS 25999-2 Implementation Checklist
November 23, 2010 Added by: Dejan Kosutic
Your management has given you the task to implement business continuity, but you're not really sure how to do it. Although it is not an easy task, you can use the BS 25999-2 methodology to make your life easier - here are the main steps necessary to implement this standard...
Comments (0)
Who Is Responsible In A Breach?
November 19, 2010 Added by: PCI Guru
Unfortunately, the card brands have not helped the situation. The card brands' approach to breaches borders on childlike. In their view, it is everyone’s fault – the organization that was breached, the QSA, anyone except, of course, the card brands...
Comments (0)
The Future of Privacy, Cooperation and Enforcement
November 19, 2010 Added by: David Navetta
Some regulators and academics call for stronger privacy protections, arguing that consumers are still unaware of the consequences of disclosing personal data. Notably, opinions on the state and future of privacy did not necessarily split along the industry and regulator lines...
Comments (0)
ISO 27001 Implementation: Make It Easier Using ISO 9001
November 15, 2010 Added by: Dejan Kosutic
This free 45-minute training is designed for organizations that plan to implement ISO 27001 and have already implemented ISO 9001. The session will explain how to use ISO 9001 to facilitate the implementation of ISO 27001 through the existing documentation and processes. Register here...
Comments (0)
SAS 70 Is Dead!
November 15, 2010 Added by: PCI Guru
The good news is that, for the most part, SSAE 16 and ISAE 3402 are essentially the same. There are a few differences that are important to financial auditors and lawyers, but should not have an impact on people relying on these reports for PCI compliance or other purposes...
Comments (3)
DOJ Guidance on FCPA Compliance Programs
November 12, 2010 Added by: Thomas Fox
The information included in these collective Corporate Compliance Programs provides the FCPA compliance practitioner with the most current components that the Department of Justice believes should be included in a FCPA compliance program...
Comments (0)
Top Five Mistakes CIOs Often Make
November 10, 2010 Added by: Danny Lieberman
As long as the earth doesn’t move, you’re safe - but once things start, you can drop into a big hole. Most security vulnerabilities reside in the cracks of systems and organizational integration and during an M&A, those fault lines can turn security potholes into the Grand Canyon...
Comments (4)
Understanding and Selecting a Database Assessment Solution
November 09, 2010 Added by: Sasha Nunke
Database Assessment is not just a security precaution, but an integral part of database operations management. Databases form the backbone of every major application within the data center, which makes their stability and security both critically important to business operations...
Comments (0)
So You’ve Been Hacked — Now What?
November 09, 2010 Added by: Global Knowledge
A security breach may require you to notify people outside the company, particularly if the incident affects your compliance with PCI, GLBA, or HIPAA. If you want to pursue criminal charges or recover damages, you should contact your local law enforcement’s cybercrime unit or national law enforcement...
Comments (0)
Proposed Amendments to the FCPA
November 05, 2010 Added by: Thomas Fox
After his speech to the Compliance Week Annual Conference last May, Assistant Attorney General for the Criminal Division of the US Department of Justice, Lanny Breuer, took several questions from the audience. One of his more interesting responses was regarding facilitation...
Comments (0)
Business Continuity Implementation Webinar
November 01, 2010 Added by: Dejan Kosutic
This free one-hour training is designed for organizations that plan to implement BS 25999-2. This session will explain all the steps in business continuity implementation according to the BS 25999-2 standard, and provide tips on how to proceed with this complex task...
Comments (0)
ISO 27001 Annex A Controls
October 27, 2010 Added by: Dejan Kosutic
Annex A is where ISO 27001 and ISO 27002 come together - the controls in ISO 27002 are named the same as in Annex A of ISO 27001, the difference is the level of detail - ISO 27001 gives only a short definition, while ISO 27002 gives details on how to implement the control...




