Items Tagged with "Compliance"



DOJ on an Effective FCPA Compliance Program

June 19, 2010 Added by: Thomas Fox

At the recent Compliance Week 2010 Annual Conference one of the issues discussed by Assistant Attorney General, for the Criminal Division of the US Department of Justice, Lanny Breuer, was what the Department of Justice (DOJ) might consider as an “effective compliance and ethics program” under the Foreign Corrupt Practices Act (FCPA), if a FCPA violation occurs and a company’s compliance pro...

Comments  (0)


Compliance != Security

June 17, 2010 Added by: Gaurav Kumar

In this post I am going to express my disappointment with a disturbing trend - more focus is being given to compliance than security. I don't have anything personal against compliance, in fact, in my last job, I was IT Audit Manager and performed compliance related audits. While compliance is necessary and important, it is not sufficient from security perspective. One can be in compliance and stil...

Comments  (4)


DOJ Weighs-In at Compliance Week

June 03, 2010 Added by: Thomas Fox

Assistant Attorney General for the Criminal Division of the U.S. Department of Justice (DOJ), Lanny Breuer gave the final day’s keynote speech at the Compliance Week 2010 Conference.

Comments  (0)


Anton Chuvakin's Compliance Mega-Epiphany

June 01, 2010 Added by: Anton Chuvakin

After spending a week at an amazing Project Honeynet 2010 Annual “Get-together” in Mexico City, I realized that the workshop environment was missing one big thing: nobody ever mentioned COMPLIANCE (!!!).

Comments  (0)


Compliance or Security?

May 25, 2010 Added by: Mark Gardner

In recent days I have read a few comments like "that's compliance, not security." This has puzzled me. When did the two become divorced? In the interests of full disclosure and for those who have not read anything I have written before, I am an Information Security Auditor, specialising in ISO27001, but I also Audit against other Standards and company policies.

Comments  (11)


Dealing with ISO 27001 & BS 25999-2 Internal Audits

May 20, 2010 Added by: Dejan Kosutic

If this is the first time you have come across the notion of internal auditor, you are probably puzzled – Why would I need another control? Who is going to pay for it? Who should I employ to do it? It is such a waste of time…

Comments  (0)


Hewlett-Packard, Watergate and the FCPA

May 18, 2010 Added by: Thomas Fox

It has been many years since Watergate and the many lasting legacies which occurred from that break-in of the Democratic National Committee. Indeed one of those legacies is the Foreign Corrupt Practices Act (FCPA) itself. This article will focus on one of the more mundane legacies, that of the “Watergate deposition”, which was, for those of us who were riveted by the hearings of the ...

Comments  (0)


FCPA Compliance and Continuous Controls Monitoring

May 09, 2010 Added by: Thomas Fox

In a 2008 speech to the Texas General Counsel Forum, former United States Deputy Attorney General Paul McNulty provided his perspective on Foreign Corrupt Practices Act (FCPA) compliance investigations and the Department of Justice (DOJ) enforcement actions. From his experience as the former second highest-ranking official in the DOJ and the chairman of the President’s Corporate Fraud Task Fo...

Comments  (0)


The Tao of GRC for CISOs and CSOs

March 25, 2010 Added by: Danny Lieberman

The GRC (governance, risk and compliance) market is driven by three factors: government regulation such as Sarbanes-Oxley, industry compliance such as PCI DSS 1.2 and growing numbers of data security breaches and Internet acceptable usage violations in the workplace. $14BN a year is spent in the US alone on corporate-governance-related IT spending.

Comments  (2)


Need to consolidate information security compliance efforts? Try open source.

March 12, 2010 Added by: Ted LeRoy

Many organizations have to comply with multiple regulatory requirements for their information security infrastructures. Fragmented efforts to comply with Sarbanes-Oxley (sarbox or SOX), Gramm Leach Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry - Data Security Standard (PCI-DSS), and ISO 27000 series, to name a few, can result in c...

Comments  (0)


From the Web

A rise in cyber attacks by one third saw 100 per cent of enterprises experience cyber losses in 2009

February 25, 2010 from: Saumil's Infosec Blog

According to Symantec's 2010 State of Enterprise Security study, 75 per cent of enterprises experienced cyber attacks in the last 12 months and 36 per cent rated the attacks somewhat/highly effective. Also, there was a 29 per cent rise in reported attacks in the last 12 months.

Comments  (0)


Mitigating Risks by Leveraging a Core Business Process

October 20, 2009 Added by: Mike Cuppett

When it comes to audits and other compliance requirements - think Sarbanes-Oxley, PCI-DSS, internal and external audits, etc. - people tend to get a bit uptight and flustered. Fortunately, by keeping a calm head and a rational perspective, your reaction to these challenges can be cool and calm, allowing you to leverage a methodology you already know - risk mitigation.

Comments  (0)


From the Web

Cloud/SaaS will do for websites what PCI-DSS has not

October 02, 2009 from: Jeremiah Grossman's Blog

If a would-be Cloud/Software-as-a-Service (SaaS) customer is concerned about security, and they should be since their business is on the line, then security should be the vendor's concern as well. Unless the Cloud/SaaS vendor is able to meet a customer’s minimum requirements, they risk losing the business to a competitor who can.

Comments  (1)


Compliance as a Service

October 01, 2009 Added by: Bob Broda

CaaS would be a value added service that would attract plenty of customers. But how real is the likelihood of this service being offered? There are a number of issues associated with the CaaS concept:

Comments  (0)
