Items Tagged with "Compliance"

Three Compliance Trends to Watch in 2015

January 26, 2015 Added by: Mav Turner

Continuous compliance involves constantly reviewing processes and quickly making any necessary updates as a result of deviations from their intended performance. However, despite the fact that continuous compliance is effective at eliminating the gaps between compliance and security, it also greatly increases the complexity of managing compliance.

What is Continuous Compliance and Assurance?

June 18, 2014 Added by: Jon Long

The phrase "Continuous Compliance" is almost meaningless without an additional reference of "Assurance." I define continuous compliance and assurance as an ongoing process of proactive risk management that delivers predictable, transparent, and cost-effective results to meet information security goals.

Five Ways to Avoid HIPAA Compliance Breaches With Better Security Controls

June 05, 2014 Added by: InfosecIsland News

To prevent costly breaches such as this one from happening, Netwrix Corporation suggests the following best practices every health care organization or insurance provider should implement and maintain to ensure HIPAA compliance.

What’s New in PCI DSS v3.0 for Penetration Testing?

May 20, 2014 Added by: Nima Dezhkam

As a main area of our interest, PCI v3.0 enhances the Penetration Testing requirement by adding guidelines that help both the organizations and the auditors to better show and understand two important areas of concern in every PCI compliance effort.

There's a New Sheriff in Town – PCI DSS Lays Down the Law to Improve Pen Testing Requirements

January 29, 2014 Added by: Michael Sabo

The PCI’s 12 mandatory requirements are designed to protect cardholder data from the threat of fraud or theft. Requirement 11.3 gets to the heart of the pen test, and it was revised in PCI-DSS version 3.0.

The Perils of Combining Security and Compliance

January 27, 2014 Added by: Robb Reck

There is a natural tendency to lump security and compliance together. Intuitively, it just makes sense, right? The biggest compliance frameworks like PCI, GLBA, SOX and HIPAA are all looking to ensure that our security is up to snuff. In fact, if we do security right, compliance should come naturally, with very little additional technical work.

Target and Neiman Marcus Breaches Renew Issues Regarding PCI Lawsuits

January 16, 2014 Added by: John Melvin

We have no way of knowing right now what the causes of the recent Target and Neiman-Marcus data breaches are. It just raises the same questions of: does compliance with PCI standards mean that everything is secure against attacks? If an application is compliant, is that enough? It doesn’t seem to be clear whether or not a company can completely “pass the buck” to the developers and maintaine...

What PCI Requirements Apply to Us: Tackling a Common PCI DSS Compliance Challenge

August 21, 2013 Added by: Rohit Sethi

Determining which system components fall under PCI compliance can often be problematic for many companies. When it comes to PCI DSS (Payment Card Industry Data Security Standards) compliance assessments, scoping tends to become a major challenge.

Top 10 Encryption Benefits

April 30, 2013 Added by: Steve Pate

If deployed correctly, encryption does not need to be a headache. Instead, encryption can be an enabler to achieve the flexibility, compliance and data privacy that is required in today’s business environments. Below are top 10 benefits for those considering encryption.

Using Least Privilege to Effectively Meet PCI DSS Compliance

April 25, 2013 Added by: Andrew Avanessian

PCI DSS Requirement guidelines certainly reinforce how compliance has hardened from suggestive or advisory directives to true mandates with hefty fines and strict consequences for those failing to take heed.

How to comply with PCI DSS 6.3

March 09, 2013 Added by: Rohit Sethi

If you process, transmit or store credit card data in your software then you’re likely subject to the Payment Card Industry Data Security Standard (PCI DSS). One of the most onerous sections of the PCI DSS is requirement 6: Develop and maintain secure systems and applications.

Pre-Authorization Data – The Card Brands Weigh In

January 28, 2013 Added by: PCI Guru

Acquiring banks, for the most part, cannot answer basic questions about the PCI DSS, so we are supposed to believe that they are experts on retention of pre-authorization data based on a company’s vertical market and region? Talk about passing the buck...

Fly First Class But Pay Economy for HIPAA Compliance

January 22, 2013 Added by: Danny Lieberman

After the sanity check with the team that constructed the threat scenarios, you and your HIPAA consultant need to calculate your Value at Risk. Calculating VaR will help shed light on where to save money and where to spend money...

Tribute to Stan The Man and 11 Rules for Compliance Success

January 21, 2013 Added by: Thomas Fox

These insights could help you improve your compliance program. And while it doesn’t have quite the same rhyming scheme as Paul Simon’s Mrs. Robinson, here’s to you Stan ‘The Man’ Musial. I hope that you enjoy an inning or two at the great game in the hereafter...

ISMS Certification Does Not Equal Regulatory Compliance

December 27, 2012 Added by: Rebecca Herold

“By becoming ISO 27001 certified does that automatically mean we comply with HIPAA and HITECH requirements? Are there any requirements of HIPAA/HITECH that are not required to meet ISO 27001 standards?”

All Aboard

December 17, 2012 Added by: Randall Frietzsche

We need a well-conceived set of administrative and technical controls - our policy, while still acknowledging that every living creature on the planet is organically attached to a smart device, must dictate that the user will follow the policy at risk of termination...
