Compliance

FCC warns businesses: Wi-Fi blocking prohibited

By

In an attempt to put the issue to rest, the agency warned businesses against blocking guests' personal hotspots.

Don't dismiss internal data breaches as minor - they aren't!

Don't dismiss internal data breaches as minor - they aren't!

The wolf isn't at your door, it's inside. Ignorance is definitely not bliss. Just ask any of the regulatory agencies.

Identity requirements for risk and compliance - what you need to know

Identity is a critical component of proving compliance. Whether complying with industry regulations or security best practices, your auditors need to know who has access to what servers and data as well as who exactly did what, where and when.

PCI compliance not synonymous with security, panel says

PCI compliance not synonymous with security, panel says

By

A panel held during the annual NRF conference discussed ways that retailers could bolster security.

After FCC fine, Marriott says it won't block guests' Wi-Fi networks

By

Last October, the FCC came after Marriott with a $600,000 fine.

NJ law requires health insurance carriers to encrypt sensitive data

By

New Jersey Governor Chris Christie signed the legislation last Friday.

HITRUST adds privacy controls to Common Security Framework

By

The privacy controls will be added to version 7 of HITRUST's CSF due out later this month.

Why compliance matters

Why compliance matters

Part of my role requires me to ask questions that an auditor might. This is especially true when it comes to compliance, why it matters, and how it makes a difference.

FIDO Alliance publishes UAF, U2F specs

By

The alliance defined specifications for devices, servers and client software that will help usher in the "post password" era.

The proliferation of mandates

The proliferation of mandates

The reality of ubiquitous reliance on ICT has given rise to the criticality of cyber security, says Cisco CSO Edna Conway.

TRUSTe settles FTC charges over its 'certified' privacy seals

TRUSTe settles FTC charges over its 'certified' privacy seals

By

The company has agreed to pay $200,000 as part of the settlement, and will be required to beef up its COPPA-related reporting activities.

VA falters in cybersecurity audit for 16th year

By

Veterans Affairs has failed an annual cybersecuirty audit for the 16th year in a row, a new report reveals.

Secure agile development: Why can't we all get along?

Security teams are sharply focused on bringing security to applications and meeting compliance requirements in the delivery of these applications and services.

Network care: Case study

Network care: Case study

By

When a care provider supplied laptops to its roving employees, it added a security solution to enable efficient collaboration. Greg Masters reports.

The auditor's case for continuous compliance

The auditor's case for continuous compliance

Whether it's for PCI compliance or HIPAA assessments companies follow the conventional model of point-in-time certification accompanied by a costly and painful annual review and correction process.

Google updates piracy-fighting report

By

The search engine company updates it piracy report to let users know how its adjusting search results to stop illegal piracy efforts.

Marriott to pay $600K fine for blocking guests' Wi-Fi networks

By

The FCC launched an investigation last year after a consumer complained of the practice.

Protecting the vault: First Financial Bank's go-to solution

Protecting the vault: First Financial Bank's go-to solution

By

Needing more than signature-based remedies, First Financial Bank found a way to close the gap between what exists and what's possible. Greg Masters reports.

EPIC files complaint with FTC against Maricopa

By

The nonprofit organization alleges that the Maricopa County Community College District violated the FTC's "Safeguards Rule."

2014 audit and compliance ebook

2014 audit and compliance ebook

We explore the landscape today with which security teams must contend and compile a number of best practices and strategies you can apply to protect your company.

Privacy rights group files complaint over Adobe, AOL Safe Harbor compliance

Privacy rights group files complaint over Adobe, AOL Safe Harbor compliance

By

The Center for Digital Democracy has asked the FTC to investigate 30 U.S. firms' data collection practices, including Adobe, AOL and Datalogix.

PCI council releases third-party security assurance guidance

PCI council releases third-party security assurance guidance

By

The guidance is meant to help merchants and third parties better understand their roles and responsibilities in the payment security ecosystem.

PCI 2014: From compliance to security

PCI 2014: From compliance to security

The consensus from our panel of experts is that PCI DSS should be just one item on a far broader effort to integrate data security into enterprise risk management.

After PCI DSS issues, LifeLock removes Wall mobile app

By

As a precaution, the ID theft protection service has removed the app from the App Store, Google Play, and Amazon Apps.

American Apparel settles charges over data security compliance

By

The Federal Trade Commission banned the retailer from misrepresenting its abidance in an international security framework

Columbia University, NY hospital to pay $4.8 million HIPAA fine

Columbia University, NY hospital to pay $4.8 million HIPAA fine

By

The agreement marks the largest HIPAA settlement to date.

Why the world is not ready to share sensitive information

Why the world is not ready to share sensitive information

Is there such a thing as an exchange of secure information in an insecure world?

Humana co. pays HHS $1.7 million after unencrypted laptop breach

By

A Texas-based company, Concentra, paid the HIPAA settlement stemming from a 2011 breach.

Canadian privacy bill floats $100k fine per breach victim not notified

By

Introduced Tuesday, the Digital Privacy Act includes stiff penalties for organizations that fail to adequately respond to breaches.

The need and the challenge

The need and the challenge

Let's agree on a definition of the term "security" and move forward from there, says AT&T's Chris Mark.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US