Items Tagged with "Compliance"
Top 10 Encryption Benefits
April 30, 2013 Added by:Steve Pate
If deployed correctly, encryption does not need to be a headache. Instead, encryption can be an enabler to achieve the flexibility, compliance and data privacy that is required in today’s business environments. Below are top 10 benefits for those considering encryption.
Comments (0)
Using Least Privilege to Effectively Meet PCI DSS Compliance
April 25, 2013 Added by:Andrew Avanessian
PCI DSS Requirement guidelines certainly reinforce how compliance has hardened from suggestive or advisory directives to true mandates with hefty fines and strict consequences for those failing to take heed.
Comments (0)
How to comply with PCI DSS 6.3
March 09, 2013 Added by:Rohit Sethi
If you process, transmit or store credit card data in your software then you’re likely subject to the Payment Card Industry Data Security Standard (PCI DSS). One of the most onerous sections of the PCI DSS is requirement 6: Develop and maintain secure systems and applications.
Comments (0)
Pre-Authorization Data – The Card Brands Weigh In
January 28, 2013 Added by:PCI Guru
Acquiring banks, for the most part, cannot answer basic questions about the PCI DSS, so we are supposed to believe that they are experts on retention of pre-authorization data based on a company’s vertical market and region? Talk about passing the buck...
Comments (0)
Fly First Class But Pay Economy for HIPAA Compliance
January 22, 2013 Added by:Danny Lieberman
After the sanity check with the team that constructed the threat scenarios, you and your HIPAA consultant need to calculate your Value at Risk. Calculating VaR will help shed light on where to save money and where to spend money...
Comments (0)
Tribute to Stan The Man and 11 Rules for Compliance Success
January 21, 2013 Added by:Thomas Fox
These insights could help you improve your compliance program. And while it doesn’t have quite the same rhyming scheme as Paul Simon’s Mrs. Robinson, here’s to you Stan ‘The Man’ Musial. I hope that you enjoy an inning or two at the great game in the hereafter...
Comments (0)
ISMS Certification Does Not Equal Regulatory Compliance
December 27, 2012 Added by:Rebecca Herold
“By becoming ISO 27001 certified does that automatically mean we comply with HIPAA and HITECH requirements? Are there any requirements of HIPAA/HITECH that are not required to meet ISO 27001 standards?”
Comments (0)
All Aboard
December 17, 2012 Added by:Randall Frietzsche
We need a well-conceived set of administrative and technical controls - our policy, while still acknowledging that every living creature on the planet is organically attached to a smart device, must dictate that the user will follow the policy at risk of termination...
Comments (0)
Managing the Social Impact of Least Privilege
December 10, 2012 Added by:Paul Kenyon
In organizations where IT policy hasn’t been enforced or where users expect to have full autonomy over PCs, the transition to least privilege desktops must be carefully planned, so the IT department doesn’t face a user revolt. Make sure to set users’ expectations accordingly...
Comments (0)
Compliance Combines with Vulnerability Scanning to Create Aegify
December 10, 2012 Added by:Michelle Drolet
Two security firms, the established Rapid7 vulnerability manager and eGestalt, a cloud-based compliance management provider, have signed an OEM deal that will do something for the IT security industry that hasn’t been done before: a combination security and compliance posture management...
Comments (1)
Five Essentials of a Chief Compliance Officer Position
December 05, 2012 Added by:Thomas Fox
The five essential features are based on the Department of Justice’s thinking on the issue in the form of the US Sentencing Guidelines, FCPA enforcement actions and evolving best practices. If your company is not following these it may well not be deemed to have a commitment to compliance...
Comments (0)
Pen Test vs. Vulnerability Scan: You know the difference, but do they?
November 28, 2012 Added by:Stacey Holleran
Small business owners often don't have someone who is versed in network security. So when they are told they need a “network penetration test” to comply with PCI DSS, many will contact the growing number of companies offering inexpensive testing services...
Comments (5)
Beacon Events Compliance Conference in Beijing – I Wish I Could Be There
November 27, 2012 Added by:Thomas Fox
If you have not had the opportunity to attend a compliance-related conference tailored to the challenges of working in the Far East this would be the one for you. Even if you have attended such an event, this conference focuses on China and will give you insight into how to do business...
Comments (0)
Buzzword Compliance Not Enough: Must Haves for Meaningful Use
November 08, 2012 Added by:Danny Lieberman
Many technology vendors tout the idea of self management, and the advantages of mobile healthcare apps, virtual visits, tablets and e-detailing but in fact, a face-to-face relationship with a doctor is more powerful than a digital relationship alone. We don’t need Sherry Turkle to tell us that...
Comments (0)
From Trick or Treat through Thanksgiving: Examining the Past to Prepare for the Future
November 04, 2012 Added by:Mary Shaddock Jones
In my experience, companies need to be closely reviewing what little case law or factual allegations exist with regard to the FCPA so that they too know where to find any potential problems that may exist within their own company. There are only so many ways to hide the dollar...
Comments (0)
Creation, Implementation and Administration of a Hotline
October 29, 2012 Added by:Thomas Fox
I recently saw a White Paper released through Compliance Week, where an un-named author posited that there are seven essential features to create an effective hotline. I found this article to be useful for a compliance practitioner to quickly review how his or her company might set up a hotline...