Author Archive

Forrester Research Podcast

Robert Whiteley and Chris McClean “The GRC Technology Puzzle: Getting All The Pieces To Fit” via Forrester Research.

Fighting Fraud with the Red Flags Rule

Are you complying with the Red Flags Rule? The Red Flags Rule requires many businesses and organizations to implement a written Identity Theft Prevention Program designed to detect the warning signs – or “red flags” – of identity theft in their day-to-day operations. Are you covered by the Red Flags Rule? Read Fighting Fraud with [...]

PCI Compliance: Frequently Asked Questions

Payment card industry compliance is confusing for many ecommerce merchants, but it potentially affects every merchant that accepts credit card payments. Failure to understand the PCI compliance standards could result in higher merchant account fees and fines from the credit card issuers. Merchants often have similar general questions on PCI compliance. We posed some of [...]

HIPAA: New Compliance, Aggressive Enforcement

Buried within the Economic Stimulus Bill is the Health Information Technology for Economic and Clinical Health (HITECH) Act. In addition to billions for health information technology, HITECH contains far-reaching changes to privacy and security regulation under the Health Insurance Portability and Accountability Act (HIPAA). The Internet is abuzz with analyses of these new provisions. But [...]

American Recovery & Reinvestment Act Significantly Impacts HIPAA – Mayer Brown – 14/03/2009, Information Security & Risk Management, Information Technology Law, Data Protection, Pharmaceutical, Healthcare & Life Sciences, Healthcare

United States: American Recovery & Reinvestment Act Significantly Impacts HIPAA, 14 March 2009. Article by Debra Bogo-Ernst, Rebecca Eisner, Jeffrey P. Taft, and A. John P. Mancini. Originally published March 12, 2009. Keywords: American Recovery & Reinvestment Act, ARRA, Health Insurance Portability and Accountability Act, HIPAA, HITECH Act, Covered Entities, Business Associates, direct liability. The [...]

Law requires health data breach notifications — Federal Computer Week

The recently enacted economic stimulus law includes new requirements for how companies must notify people of breaches to their protected health information. Some experts say the rules could lead to federal breach notification requirements for other types of data. Health data experts are still studying provisions in the $787 billion spending law that will expand [...]

PCI Council gives helping hand to merchants

Prioritized Approach framework to help attain PCI DSS compliance. Ian Williams, vnunet.com, 04 Mar 2009. The Payment Card Industry Security Standards Council (PCI SSC) has released a new resource designed to help merchants struggling to attain compliance with the PCI Data Security Standard. The global payment industry body [...]

Identity Theft – PCI Chiefs Defend Standards, Plans – eWeek Security Watch

It’s a gross oversimplification of an utterly staggering technical and social challenge, and he knows it as well as anyone, but it’s hard to argue with PCI Security Standards Council General Manager Bob Russo’s assertion that when it comes to improving electronic data security and related matters of individual privacy, “something is much better than [...]

Hackers Crack FAA

The personal information of more than 45,000 Federal Aviation Administration employees and retirees was exposed to possible identity theft. The FAA reports that the hacked server was not connected to the air traffic control system or any other FAA operational system. Just a day after President Obama ordered a comprehensive review of the government’s cyber security systems, the FAA (Federal Aviation [...]

NIST releases draft guidelines for FISMA compliance

The National Institute of Standards and Technology (NIST) on Thursday released new guidelines to help federal agencies comply with the Federal Information Security Management Act (FISMA). The document, titled “Recommended Security Controls for Federal Information Systems and Organizations,” is in its third revision, but this is the first major update since its initial publication in [...]