General

Barbara Tuchman and Compliance Programs

April 04, 2012 Added by:Thomas Fox

Compliance professionals are continually trying to get the message out at corporations. Here is some wisdom that Tuchman advocated and how it might help the compliance professional convey the essence of doing business in compliance across a corporation...

Comments  (0)

Innovation and Compliance

March 26, 2012 Added by:Thomas Fox

Can compliance be innovative? Or can innovation inform your compliance program? Innovation in the compliance arena is key. As compliance programs mature and as companies mature in their approach to compliance, innovation will continue to lead best practices...

Comments  (0)

A Seat at the Table: Compliance in the Contract Tender Process

March 21, 2012 Added by:Thomas Fox

A mature compliance program can be a great benefit for a company, not only in evaluating risk from the compliance perspective but also preparing the necessary steps so that if a contract is awarded, it can be executed in an efficient manner. But it must have a seat at the table...

Comments  (0)

Compliance: Moving Off Dead Center

March 19, 2012 Added by:Mary Shaddock Jones

The cost of implementing a compliance program will vary; however, it isn’t expensive enough to find yourself in front of the DOJ explaining why you spend more money on air travel or paper clips than you do on a compliance program. Trust me, you don’t want to be in that position...

Comments  (0)

Understanding Cloud Security Part Two

March 14, 2012 Added by:Neira Jones

Organisations need to ask cloud providers to disclose security controls and how they are implemented, and consuming organisations need to know which controls are needed to maintain the security of their information. Lack of thoroughness can lead to detrimental outcomes...

Comments  (0)

What They Don't Teach You in "Thinking Like the Enemy" Classes

March 06, 2012 Added by:Pete Herzog

The enemy is not homogeneous. Just like there is not just one foreign language, there is not one type of enemy. Among those enemy attackers, not all think alike. Even among those joined together under a common mission or goal, there is often division in how to accomplish that goal...

Comments  (1)

Improving Compliance Performance in Your Supply Chain

March 05, 2012 Added by:Thomas Fox

One of the areas moving towards being incorporated into compliance programs is the supply chain. While many companies have focused significant compliance efforts towards the sales chain, the supply chain is now viewed as an area which requires compliance scrutiny...

Comments  (0)

Compliance in the Digital Era: Watch Out for the Third Party

February 24, 2012 Added by:Neira Jones

It is crucial that businesses understand which controls are needed to maintain the security of their information assets and it is therefore crucial that suppliers are assessed against the business regulatory and compliance framework...

Comments  (0)

NLRB Issued Second Report on Social Media Enforcement

February 17, 2012 Added by:David Navetta

As we have previously noted in prior posts about the NLRB’s social media enforcement actions, employers should carefully review and adjust their social media policies and practices in light of the NLRB’s guidance and enforcement...

Comments  (0)

Creating Sustainable Compliance Performance

February 16, 2012 Added by:Thomas Fox

Thriving employees - who are not only “satisfied and productive but also engaged in creating the future” for their organization - outproduce non-thriving employees. These concepts matter within the context of promoting a culture of compliance within your organization...

Comments  (0)

Information Security Relief is Spelled ISO-27001

February 15, 2012 Added by:John Verry

No matter the industry or service offering, organizations processing data on behalf of clients are experiencing the pain of proving they are secure and compliant with client standards and the myriad of regulations to which their clients are obligated. ISO-27001 spells relief...

Comments  (0)

Compliance Due Diligence Checks: Reference Interviews

February 10, 2012 Added by:Thomas Fox

Compliance evaluation is becoming a more common component of the employee selection and hiring process. Many companies now specifically include due diligence in compliance parlance when hiring senior managers or others who will hold high levels of authority...

Comments  (0)

Straight Talk about Compliance from a Security Viewpoint

February 09, 2012 Added by:Rafal Los

Odds are, you can usually close out multiple compliance requirements across multiple requirements regulations by doing something singular in a security program. Performing software security audits during various phases of your SDLC solves many compliance requirements...

Comments  (0)

Insecurity by Way of Compliance

February 08, 2012 Added by:Danny Lieberman

The US leads in data security breaches while the EU leads in data security. The EU has strong, uniform data security regulation, whereas the US has a quilt-work of hundreds of security directives where each agency has its own system for data security compliance...

Comments  (2)

Incident Response: Have You Got a Plan?

February 06, 2012 Added by:Neira Jones

We should always aim to reduce the frequency of security incidents by effectively securing networks, systems, applications and have the appropriate policies and processes in place, and the NIST report helps in providing guidelines on responding to incidents effectively...

Comments  (0)

Designing Security with Brand in Mind

February 06, 2012 Added by:Steven Fox, CISSP, QSA

Why is it important to deliver security services consistent with your brand? The fundamental archetype created by your brand must be supported by behaviors which confirm its relevance. Performance that is inconsistent will lead your customers to question your brand promise...

Comments  (0)
