The National Institute of Standards and Technology has released a draft of its guidelines for implementing enterprisewide information risk management. The document defines the underlying principles for implementing the Federal Information Security Management Act.
On Tuesday, December 7, the House by voice vote joined the Senate in passage of S.3987, the Red Flag Program Clarification Act of 2010. On November 30, 2010, the Senate passed this legislation by unanimous consent. The bill has been cleared to the White House for signature.
What’s interesting is that the criminals are now using cryptographic technology to protect the card information they steal, and that’s posing challenges for detection and law enforcement.
The PCI Security Standards Council, as expected, has officially declared it will not sign off on any mobile application for quite some time. If it helps, the Council added that mobile “will be a key focus for the Council in 2011.”
Google is claiming that it was not given a chance to bid on a cloud-computing project for the U.S. Department of Agriculture, for which the contract was awarded to rival Microsoft.
On the heels of Forrester’s GRC Market Overview last month, this week we published my Governance, Risk, And Compliance Predictions: 2011 And Beyond report. Based on our research with GRC vendors, buyers, and users, this paper highlights the aggressive regulatory environment and greater attention to risk management as drivers for change
People are always asking me why complying with the PCI standards is important, as in, “What’s in it for my company?” So I thought I would take a known, documented breach and walk through where PCI compliance would have made a difference.
One out of every two IT security professionals spends 50% of the work week on regulatory compliance initiatives, according to a new survey.
Amazon Web Services LLC (AWS), a subsidiary of Amazon.com, recently announced it has achieved Level 1 compliance with the Payment Card Industry (PCI) Data Security Standard (DSS). Merchants and other service providers can now run their applications on AWS PCI-compliant technology infrastructure to store, process and transmit credit card information in the cloud. Customers can use AWS cloud infrastructure
As of today’s posting by OCR on its Website, there were 200 breaches involving 5,887,170 individuals that had been reported by covered entities. The dates of these breaches ranged from September 22, 2009 to October 17, 2010.