Items Tagged with "Compliance"



Data Security: Spokeo in the News

June 23, 2012 Added by:Allan Pratt, MBA

“Spokeo, which compiles dossiers on consumers, agreed to pay $800,000 to settle allegations by the Federal Trade Commission that it sold personal information in violation of the law. From 2008 to 2010, Spokeo sold millions of consumer profiles to human resources departments and recruiters..."


More on PCI Scoping

June 22, 2012 Added by:PCI Guru

“At least annually and prior to the annual assessment, the assessed entity should confirm the accuracy of their PCI DSS scope by identifying all locations and flows of cardholder data and ensuring they are included in the PCI DSS scope"...


The Five Most Important Reasons to Perform Network Auditing

June 21, 2012 Added by:Dan Dieterle

Network auditing may sound like an arduous task but, with the right tools and the right approach, it can be an easy-to-perform and critical aspect of your network management. If you are not yet performing regular network auditing, use these five important reasons to convince management it’s time to start...


Suing Our Way to Better Security?

June 21, 2012 Added by:Jayson Wylie

It does not seem like the top leaders at organizations are as concerned with others' information as they might be with the bottom line. If organizations do not respond to fear of embarrassment for failing at security, should we start taking them to court to formulate better consumer protections?


Contracts and Infosec Part 3: Processing and Data Disposal

June 21, 2012 Added by:Bill Gerneglia

The parties should also stipulate their expectations for data return or destruction upon termination of an NDA. The expectations for data return or destruction will be typically molded by a party’s desire to keep compliant with the particular data handling law or regulation to which the party is subject...


Napoleon’s Invasion of Russia and Risk Management

June 20, 2012 Added by:Thomas Fox

As compliance programs become more mature, you can use the information generated in a risk assessment in a variety of ways to facilitate an overall risk management program. To create an effective risk management system, understand the qualitative distinctions among types of risk an organization faces...


Companies Focus on Growth But Lag Behind Threats

June 20, 2012 Added by:Bob Radvanovsky

Industries that are regulated or that have to adhere to a standard feel that if they simply follow the requirements that they are secured. This is a misnomer, as adherence to a regulation, governance or compliance standard is a good start, but it does not necessarily mean that an organization is "secure"...


Bill Gates, the Perfect Game and Your Compliance Program

June 17, 2012 Added by:Thomas Fox

Collins has been looking at corporations for over 25 years to unlock the mystery of what makes a great company tick and discusses twelve questions that leaders must grapple with if they truly want to excel. This list is a good summary of questions that you can and should be posing to your compliance team...


Contracts and Information Security Part 2: NDAs

June 13, 2012 Added by:Bill Gerneglia

NDAs might include potential liability for unauthorized disclosure of protected personal information, privileged communications (such as lawyer-client or doctor-patient communications), national secrets, or the trade secrets of the company or business partner...


PCI DSS and Compliance: Just a Tick Box Exercise?

June 13, 2012

According to Neira Jones, Head of Payment Security at Barclaycard, compliance should be a natural byproduct of good risk management and information security practice...


The Failure Of PCI?

June 13, 2012 Added by:PCI Guru

The biggest problem with PCI DSS standards comes down to the fact that humans are averse to being measured or assessed. Why? It makes people responsible and accountable for what they do, and few people want that sort of accountability – we all much prefer wiggle room in how our jobs are assessed...


Pink Floyd’s "The Wall" and Compliance

June 12, 2012 Added by:Thomas Fox

Compliance: One of the most important things is that sometimes you just hit a brick wall. You can carefully plan a strategy, implement the planned strategy and then measure the results, but it can still fall completely flat. In other words, you hit the proverbial wall...


We Hope SOC 2 Fails...

June 11, 2012

SOC 2 has the potential to unify the risk assurance industry by consolidating multiple audits, standards, and compliance requirements under one umbrella engagement. However, if the market is allowed to define anything as internal controls over financial reporting (ICFR), SOC 2 is destined to fail...


Can You Use Dropbox for Storing Healthcare Data?

June 11, 2012 Added by:Danny Lieberman

The short answer is that you should not store PHI (protected health information) on Dropbox since they share data with third party applications and service providers - but the real reason you should not use Dropbox for sharing information with patients is simply that it is not private by design...


PCI’s Money Making Cash Cow Not So Good for the Industry

June 07, 2012 Added by:Andrew Weidenhamer

The level of scrutiny the PCI DSS has been subject to the last couple of years has been bad enough to accentuate it with the advent of the ISA program. The false sense of confidence the ISA program gives individuals is insanely bad for the industry. Like any other certification, the test isn’t difficult...


How to Keep Healthcare Secrets Online

June 06, 2012 Added by:Danny Lieberman

When we share medical information with our healthcare provider, we trust their information security as being strong enough to protect our medical information from a data breach. Certainly – as consumers of healthcare services, it’s impossible for us to audit the effectiveness of their security portfolio...
