Regulatory Compliance Software Information PCI SOX FISMA GLBA ISO 17799 27002 HIPAA GRC

Making PCI Stand For Coordination & Impact : Daniel Wallace

Posted by compliancesoftware on June 30, 2009 No comments

Onsite PCI assessments are not cheap. First make certain that you have to comply with the onsite assessment requirement.

Although all of the major card brands are partners in PCI-DSS the number of transactions are counted by individual card brand.

For example, a merchant that processes 2 million credit card transactions will not necessarily be a Level 2 retailer. What matters for purposes of this requirement is the number of MasterCard transactions. You may have 800,000 MasterCard transactions, 600,000 Visa transactions, and 600,000 transactions with American Express.

via Making PCI Stand For Coordination & Impact : Information Security Resources.

Q&A: No alternative to PCI, security council chief insists #PCI

Posted by compliancesoftware on June 30, 2009 No comments

Russo stoutly defended the standard and said that despite questions about its effectiveness, there’s no alternative when it comes to protecting payment card data.

via Q&A: No alternative to PCI, security council chief insists – Network World.

FISMA—a roadblock for EHRs?

Posted by compliancesoftware on June 30, 2009 No comments

The new worry from CMS, according to Government Health IT, is that healthcare providers sharing EHR files will be required to meet FISMA standards, which include an annual security test and FISMA certification.

via FISMA—a roadblock for EHRs? – OhMyGov! – General News.

Trojan Swipes FTP Credentials for Major Companies in Malware Attack

Posted by compliancesoftware on June 29, 2009 No comments

Security researchers have uncovered a cache of stolen FTP credentials belonging to a variety of corporations, including Symantec, McAfee, Amazon and the Bank of America.

via Trojan Swipes FTP Credentials for Major Companies in Malware Attack.

Improved FISMA scores don’t add up to better security, auditor says

Posted by compliancesoftware on June 29, 2009 No comments

Improved FISMA scores don’t add up to better security, auditor says

GAO official says metrics generally don’t measure how well security controls are established

via Improved FISMA scores don’t add up to better security, auditor says — Federal Computer Week.

IBM Discovers Encryption Scheme That Could Improve Cloud Security, Spam Filtering

Posted by compliancesoftware on June 26, 2009 No comments

A researcher at IBM reports having developed a fully homomorphic encryption scheme that allows data to be manipulated without being exposed. Researcher Craig Gentry’s discovery could prove to be important in securing cloud computing environments and fighting encrypted spam.

via IBM Discovers Encryption Scheme That Could Improve Cloud Security, Spam Filtering.

Out of business, Clear may sell customer data – Network World

Posted by compliancesoftware on June 26, 2009 No comments

Three days after ceasing operations, owners of the Clear airport security screening service acknowledged that their database of sensitive customer information may end up in someone else’s hands, but only if it goes to a similar provider, authorized by the U.S. Transportation Security Administration.

via Out of business, Clear may sell customer data – Network World.

Now this is interesting – you pay a company a annual fee (in this case $199) and then give them your sensitive data (very sensitive data), then they think it is THEIR data and just feel they have a right to SELL it – simply amazing world we live in …

New proposed regulations in the US #Compliance #GRC

Posted by compliancesoftware on June 26, 2009 No comments

New legislation continues to pass at a fast clip in the US under the new administration, some of the most revealing actions taken so far include:

May 20, 2009 – President Obama signed the Fraud Enforcement and Recovery Act of 2009.
June 12, 2009 – United States Congressman Gary Peters introduced his Shareholder Empowerment Act to the House.
June 17, 2009 – President Obama outlined plans for more sweeping reform of financial regulations that would aim to consolidate supervision over all firms that pose a risk to the financial system as a whole.

more at The Forrester Blog For Security & Risk Professionals.

PCI Security Standards Council Selects PricewaterhouseCoopers for Emerging Technology Review and Recommendations Project #PCI

Posted by compliancesoftware on June 25, 2009 No comments

PricewaterhouseCoopers LLP (PwC) has been awarded a research project by the PCI Security Standards Council (SSC). PwC will perform industry research to support the PCI SSC in determining which technology approaches may be available to help merchants, service providers and processors more effectively secure cardholder data in accordance with the various Standards released by the Council.

via PCI Security Standards Council Selects PricewaterhouseCoopers for Emerging Technology Review and Recommendations Project.