Items Tagged with "Compliance"
May 25, 2010 Added by: Mark Gardner
In recent days I have read a few comments like "that's compliance, not security." This has puzzled me. When did the two become divorced? In the interests of full disclosure, and for those who have not read anything I have written before, I am an Information Security Auditor, specialising in ISO27001, but I also audit against other standards and company policies.
May 20, 2010 Added by: Dejan Kosutic
If this is the first time you have come across the notion of internal auditor, you are probably puzzled – Why would I need another control? Who is going to pay for it? Who should I employ to do it? It is such a waste of time…
May 18, 2010 Added by: Thomas Fox
It has been many years since Watergate and the many lasting legacies which occurred from that break-in of the Democratic National Committee. Indeed one of those legacies is the Foreign Corrupt Practices Act (FCPA) itself. This article will focus on one of the more mundane legacies, that of the “Watergate deposition”, which was, for those of us who were riveted by the hearings of the ...
May 09, 2010 Added by: Thomas Fox
In a 2008 speech to the Texas General Counsel Forum, former United States Deputy Attorney General Paul McNulty provided his perspective on Foreign Corrupt Practices Act (FCPA) compliance investigations and the Department of Justice (DOJ) enforcement actions. From his experience as the former second highest-ranking official in the DOJ and the chairman of the President’s Corporate Fraud Task Fo...
March 25, 2010 Added by: Danny Lieberman
The GRC (governance, risk and compliance) market is driven by three factors: government regulation such as Sarbanes-Oxley, industry compliance such as PCI DSS 1.2, and growing numbers of data security breaches and Internet acceptable usage violations in the workplace. $14BN a year is spent in the US alone on corporate-governance-related IT spending.
March 12, 2010 Added by: Ted LeRoy
Many organizations have to comply with multiple regulatory requirements for their information security infrastructures. Fragmented efforts to comply with Sarbanes-Oxley (sarbox or SOX), the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard (PCI-DSS), and the ISO 27000 series, to name a few, can result in c...
From the Web
A rise in cyber attacks by one third saw 100 per cent of enterprises experience cyber losses in 2009
February 25, 2010 from: Saumil's Infosec Blog
According to Symantec's 2010 State of Enterprise Security study, 75 per cent of enterprises experienced cyber attacks in the last 12 months and 36 per cent rated the attacks somewhat/highly effective. Also, there was a 29 per cent rise in reported attacks in the last 12 months.
October 20, 2009 Added by: Mike Cuppett
When it comes to audits and other compliance requirements - think Sarbanes-Oxley, PCI-DSS, internal and external audits, etc. - people tend to get a bit uptight and flustered. Fortunately, by keeping a calm head and a rational perspective, your reaction to these challenges can be cool and calm, allowing you to leverage a methodology you already know - risk mitigation.
From the Web
October 02, 2009 from: Jeremiah Grossman's Blog
If a would-be Cloud/Software-as-a-Service (SaaS) customer is concerned about security, and they should be since their business is on the line, then security should be the vendor's concern as well. Unless the Cloud/SaaS vendor is able to meet a customer's minimum requirements, they risk losing the business to a competitor who can.