Items Tagged with "Regulation"


Cybersecurity Act of 2012 - Cybersecurity Collides with Risk

February 19, 2012 Added by:Rafal Los

This is just a chance to create some new regulatory-agency office, hire a bunch of new auditors, attorneys, experts, and waste more time rather than actually making critical infrastructure more risk-averse...

Comments  (0)

Log Management: Debugging Security

February 18, 2012 Added by:Danny Lieberman

Logs are key to security management not only for understanding what and why an event happened but also in order to prove regulatory compliance. The business requirements are that security logs should be both relevant and effective...

Comments  (0)

We Have Every Right to be Furious about ACTA

February 13, 2012 Added by:Electronic Frontier Foundation

While ACTA was only negotiated between a few countries, it has global consequences. First because it will create new rules for the Internet, and second because its standards will be applied to other countries through the U.S.’s annual Special 301 process...

Comments  (0)

Why Data Security Regulation is Bad

February 11, 2012 Added by:Danny Lieberman

The government knee-jerk reaction in the face of a data breach is to create more compliance regulation. Security by compliance does not improve security, since attackers can reverse-engineer the minimum requirements in a standard to look for holes in a company’s defenses...

Comments  (0)

Straight Talk about Compliance from a Security Viewpoint

February 09, 2012 Added by:Rafal Los

Odds are, you can usually close out multiple compliance requirements across multiple requirements regulations by doing something singular in a security program. Performing software security audits during various phases of your SDLC solves many compliance requirements...

Comments  (0)

Insecurity by Way of Compliance

February 08, 2012 Added by:Danny Lieberman

The US leads in data security breaches while the EU leads in data security. The EU has strong, uniform data security regulation, whereas the US has a quilt-work of hundreds of security directives where each agency has its own system for data security compliance...

Comments  (2)

How Will Facebook’s IPO Impact Online Privacy?

February 02, 2012 Added by:Allan Pratt, MBA

The dramatic shift away from protecting confidential data is due to “the Facebook era.” While we’ve all met new friends and reconnected with family members, the reality is that thieves are out there devising innovative ways to steal our identities and confidential data...

Comments  (0)

ISO 27001 and HITRUST for Healthcare Organizations

January 23, 2012 Added by:John Verry

HITRUST provides a prescriptive set of controls that are mapped and referenced to standards and regulations relevant to healthcare. The idea is to simplify the process of becoming largely compliant with relevant laws and regulations and mitigating most risks...

Comments  (0)

WOMMA Releases Social Media Marketing Privacy Guidelines

January 19, 2012 Added by:Headlines

WOMMA applauds the FTC's efforts at making transparency a key point. While it is not yet clear what effect these developments have had on the online marketing industry - we appreciate the agency's efforts to allow industry leaders to develop self-regulatory initiatives...

Comments  (0)

Five FFIEC Compliance Tips For Banks

January 10, 2012 Added by:Robert Siciliano

“The guidance is an important reinforcement of several critical ideas: Fraud losses undermine faith in our financial system. Fraud tactics evolve constantly and the tools that combat them have to evolve as well. The guidance provides a perspective...”

Comments  (0)

GSA Final Rule Requires Vendor Proof of Security

January 10, 2012 Added by:Headlines

The rule requires contractors and subcontractors to provide details on how their products and services meet federal IT regulations. The rule also requires contractors and subcontractors to submit to audits on practices and procedures to ensure mandates are satisfied...

Comments  (1)

FFIEC Banking Security Guidelines In Effect Soon

January 05, 2012 Added by:Robert Siciliano

The FFIEC updated security guidelines go into effect in less than a month. It is imperative that financial institutions recognize that the security precautions currently in place are ineffective in the face of new, more sophisticated attacks...

Comments  (0)

Medical Device Security: Killed by Code

January 04, 2012 Added by:Danny Lieberman

I’ve been talking to our medical device customers about mobile security of implanted devices for over a year now. I think it’s only a question of time before we have a drive by execution of a politician with an ICD (implanted cardiac device)...

Comments  (0)

Hacktivism: The End Result Versus the End Goal

December 31, 2011 Added by:Rafal Los

Unless your cave doesn't get the news, you've seen the barrage of and hacking over the past several months. If experience teaches us anything these folks are holding the final nail in the coffin of Internet freedom as it's driven in by the government they fear...

Comments  (0)

Chatting With An Auditor About Credit Union Compliance

December 16, 2011 Added by:Ed Moyle

Credit unions, by virtue of their regulatory context, have more "interpretive latitude" in how technical security controls get implemented. Meaning they should try on PCI compliance before calling out merchants - especially the big ones - for having it soft...

Comments  (0)

Google Wallet and the Edge of PCI’s Regulatory Map

December 14, 2011 Added by:Ed Moyle

Folks might object to sensitive data being stored in cleartext within Google Wallet - I sure do - but the problem isn't so much Google Wallet but instead the fact that mobile devices are blurring the lines between what's a payment application and what's not...

Comments  (0)
