Compliance

2014 audit and compliance ebook

We explore the landscape today with which security teams must contend and compile a number of best practices and strategies you can apply to protect your company.

Privacy rights group files complaint over Adobe, AOL Safe Harbor compliance

The Center for Digital Democracy has asked the FTC to investigate 30 U.S. firms' data collection practices, including Adobe, AOL and Datalogix.

PCI council releases third-party security assurance guidance

The guidance is meant to help merchants and third parties better understand their roles and responsibilities in the payment security ecosystem.

PCI 2014: From compliance to security

The consensus from our panel of experts is that PCI DSS should be just one item on a far broader effort to integrate data security into enterprise risk management.

After PCI DSS issues, LifeLock removes Wall mobile app

As a precaution, the ID theft protection service has removed the app from the App Store, Google Play, and Amazon Apps.

American Apparel settles charges over data security compliance

The Federal Trade Commission banned the retailer from misrepresenting its abidance by an international security framework.

Columbia University, NY hospital to pay $4.8 million HIPAA fine

The agreement marks the largest HIPAA settlement to date.

Why the world is not ready to share sensitive information

Is there such a thing as an exchange of secure information in an insecure world?

Humana co. pays HHS $1.7 million after unencrypted laptop breach

A Texas-based company, Concentra, paid the HIPAA settlement stemming from a 2011 breach.

Canadian privacy bill floats $100k fine per breach victim not notified

Introduced Tuesday, the Digital Privacy Act includes stiff penalties for organizations that fail to adequately respond to breaches.

The need and the challenge

Let's agree on a definition of the term "security" and move forward from there, says AT&T's Chris Mark.

Companies settle over false data security framework compliance claims

The Federal Trade Commission has charged 12 companies with falsely claiming to comply with the U.S.-EU Safe Harbor Framework.

The changing face of data protection

Information security personnel are challenged with protecting company reputation and enterprise and customer data from a constant and expanding barrage of cyber criminals.

2013 Industry Innovators: Security infrastructure

GRC is at once the biggest pain point (arguably) of most large organizations and the most important task that does not usually get done right.

PCI council publishes updated payment security standards

Version 3.0 of the PCI Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA-DSS) became available today.

Don't forget forgotten passwords

One issue with password systems has always been the 'reset' problem: what to do when a user forgets their password.

Clutter in the airwaves: Mobile payment security

While already ubiquitous in much of the world, mobile payment options are gaining traction in the United States, reports Stephen Lawton.

First P2P encryption solution gets PCI council seal of approval

So far, one solution, developed by European Payment Services, has been verified under PCI security standards for point-to-point encryption (P2PE) hardware.

How to breeze through your next compliance audit

In a perfect world, enterprises would know exactly when an auditor is going to show up, the questions they will ask, and data would be presented on a silver platter ready to prove the organization's compliance.

Toeing the line...across sectors

A major area of concern for security personnel these days is how we are able to achieve and maintain compliance with multiple regulatory governing bodies.

Compliance deadline on HIPAA rules brings expanded responsibilities for third parties handling data

Business associates of HIPAA-covered entities are now legally bound to follow the same guidelines when securing patients' protected health information.

Three's company: Governance, risk and compliance

The promise of governance, risk and compliance technology is alluring, but getting it to work effectively is a different story, reports Alan Earls.

Cover those blind spots: Establishing protocols that go beyond compliance

Robust enterprise security requires more than checking compliance boxes, says Diebold CSO Adam Williams.

Biting the silver bullet: Protecting corporate assets

There are a few key things every business should consider to truly improve data security.

PCI DSS 3.0 is a start, but more changes are needed

The latest version of the payment security industry's data safeguarding standard should also include mandates and guidance around risk management, penetration testing and mobile.

Facebook now documents requests for information it receives from governments

Facebook has released its first-ever transparency report, a document breaking down the number of worldwide government requests for data on users. Not surprisingly, the U.S. is far and away the leader.

PCI Council previews changes to data security standards

The council released a highlight of potential new requirements and guidance to the PCI Data Security Standard and Payment Application Data Security Standard, both due out in November.

Data breach numbers don't lie: How organizations can protect against accidental data loss

To effectively mitigate mobile risk, organizations should employ the same content security capabilities, and ideally leverage the same content policies and rules in mobile environments.

White House offers incentives for critical infrastructure companies participating in cyber security program

The tentative list of incentives would entice companies to participate in the "Cyber Security Framework," a measure that aims to help the nation stave off industrial attacks.

Understanding parallax and convergence to improve security

To address today's threats, companies require a high degree of convergent perspective, information expertise, and coordination between personnel and groups.
