Items Tagged with "Compliance"


Hewlett Packard and Lots of FCPA Red Flags

July 17, 2010 Added by:Thomas Fox

In April 2010 the Wall Street Journal reported that HP’s German subsidiary made payments to agents which eventually ended up in the hands of some unknown Russians, in order to obtain the contract to supply computers to the Russian Prosecutor’s Office...


How to get certified against ISO 27001?

June 23, 2010 Added by:Dejan Kosutic

You have been implementing ISO 27001 for quite a long time, invested quite a lot in education, consultancy and implementation of various controls. Now comes the auditor from a certification body - will you pass the certification?


Reducing the Cost of Compliance

June 22, 2010 Added by:Bryan Miller

The American Heritage dictionary defines compliance as "The act of complying with a wish, request, or demand; acquiescence". When you think of complying with something, do you normally consider it a wish? So, would paying my taxes indicate I'm complying with the Federal government's wish that I pay my taxes, or is it a demand?


DOJ on an Effective FCPA Compliance Program

June 19, 2010 Added by:Thomas Fox

At the recent Compliance Week 2010 Annual Conference one of the issues discussed by Assistant Attorney General, for the Criminal Division of the US Department of Justice, Lanny Breuer, was what the Department of Justice (DOJ) might consider as an “effective compliance and ethics program” under the Foreign Corrupt Practices Act (FCPA), if a FCPA violation occurs and a company’s compliance pro...


Compliance != Security

June 17, 2010 Added by:Gaurav Kumar

In this post I am going to express my disappointment with a disturbing trend - more focus is being given to compliance than security. I don't have anything personal against compliance, in fact, in my last job, I was IT Audit Manager and performed compliance related audits. While compliance is necessary and important, it is not sufficient from a security perspective. One can be in compliance and stil...


DOJ Weighs-In at Compliance Week

June 03, 2010 Added by:Thomas Fox

Assistant Attorney General for the Criminal Division of the U.S. Department of Justice (DOJ), Lanny Breuer gave the final day’s keynote speech at the Compliance Week 2010 Conference.


Anton Chuvakin's Compliance Mega-Epiphany

June 01, 2010 Added by:Anton Chuvakin

After spending a week at an amazing Project Honeynet 2010 Annual “Get-together” in Mexico City, I realized that the workshop environment was missing one big thing: nobody ever mentioned COMPLIANCE (!!!).


Compliance or Security?

May 25, 2010 Added by:Mark Gardner

In recent days I have read a few comments like "that's compliance, not security." This has puzzled me. When did the two become divorced? In the interests of full disclosure and for those who have not read anything I have written before, I am an Information Security Auditor, specialising in ISO27001, but I also audit against other standards and company policies.


Dealing with ISO 27001 & BS 25999-2 Internal Audits

May 20, 2010 Added by:Dejan Kosutic

If this is the first time you have come across the notion of internal auditor, you are probably puzzled – Why would I need another control? Who is going to pay for it? Who should I employ to do it? It is such a waste of time…


Hewlett-Packard, Watergate and the FCPA

May 18, 2010 Added by:Thomas Fox

It has been many years since Watergate and the many lasting legacies which occurred from that break-in of the Democratic National Committee. Indeed one of those legacies is the Foreign Corrupt Practices Act (FCPA) itself. This article will focus on one of the more mundane legacies, that of the “Watergate deposition”, which was, for those of us who were riveted by the hearings of the ...


FCPA Compliance and Continuous Controls Monitoring

May 09, 2010 Added by:Thomas Fox

In a 2008 speech to the Texas General Counsel Forum, former United States Deputy Attorney General Paul McNulty provided his perspective on Foreign Corrupt Practices Act (FCPA) compliance investigations and the Department of Justice (DOJ) enforcement actions. From his experience as the former second highest-ranking official in the DOJ and the chairman of the President’s Corporate Fraud Task Fo...


The Tao of GRC for CISOs and CSOs

March 25, 2010 Added by:Danny Lieberman

The GRC (governance, risk and compliance) market is driven by three factors: government regulation such as Sarbanes-Oxley, industry compliance such as PCI DSS 1.2 and growing numbers of data security breaches and Internet acceptable usage violations in the workplace. $14BN a year is spent in the US alone on corporate-governance-related IT spending.


Need to consolidate information security compliance efforts? Try open source.

March 12, 2010 Added by:Ted LeRoy

Many organizations have to comply with multiple regulatory requirements for their information security infrastructures. Fragmented efforts to comply with Sarbanes-Oxley (sarbox or SOX), Gramm Leach Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry - Data Security Standard (PCI-DSS), and ISO 27000 series, to name a few, can result in c...

From the Web

A rise in cyber attacks by one third saw 100 per cent of enterprises experience cyber losses in 2009

February 25, 2010 from: Saumil's Infosec Blog

According to Symantec's 2010 State of Enterprise Security study, 75 per cent of enterprises experienced cyber attacks in the last 12 months and 36 per cent rated the attacks somewhat/highly effective. Also, there was a 29 per cent rise in reported attacks in the last 12 months.


Mitigating Risks by Leveraging a Core Business Process

October 20, 2009 Added by:Mike Cuppett

When it comes to audits and other compliance requirements - think Sarbanes-Oxley, PCI-DSS, internal and external audits, etc. - people tend to get a bit uptight and flustered. Fortunately, by keeping a calm head and a rational perspective, your reaction to these challenges can be cool and calm, allowing you to leverage a methodology you already know - risk mitigation.

From the Web

Cloud/SaaS will do for websites what PCI-DSS has not

October 02, 2009 from: Jeremiah Grossman's Blog

If a would-be Cloud/Software-as-a-Service (SaaS) customer is concerned about security, and they should be since their business is on the line, then security should be the vendor's concern as well. Unless the Cloud/SaaS vendor is able to meet a customer’s minimum requirements, they risk losing the business to a competitor who can.
