Visa Provides Guidance on Secure Implementation and Management of Payment Applications — SAN FRANCISCO, Aug. 24 /PRNewswire/ –

Visa today announced global industry best practices for payment application vendors, integrators and resellers that implement, install or manage payment-related systems on behalf of merchants. The best practices developed by Visa in collaboration with the SANS Institute are designed to complement the Payment Card Industry (PCI) Payment Application Data Security Standard (PA-DSS). via Visa Provides [...]

Google Apps gets FISMA-certified for government work

Google has landed an important federal certification for encryption and security. An official Google blog post said that the company has received Federal Information Security Management Act (FISMA) certification and accreditation from the U.S. government for its Google Apps office productivity suite, including Gmail. via Google Apps gets FISMA-certified for government work.

13 essential steps to integrating control frameworks – CSO Online

1. The organization must understand which frameworks or framework elements are needed to address, at a minimum, the critical security concerns. When addressing control requirements, more is not necessarily better, and each additional control entity represents an investment in time, money, and effort.
2. Choose a base framework to use. An organization should identify a [...]

OMB Completes HIPAA Rules Review

The Office of Management and Budget (OMB) has finished its review of proposed rules related to changes to HIPAA privacy and security rules, meaning the rules could hit the streets this week. The OMB reports that it has concluded its regulatory review of the rules HHS sent in April. via OMB Completes HIPAA Rules Review.

NIST Revises Security Controls Bible SP 800-53A, Revision 1

NIST Special Publication 800-53 – the bible for federal government chief information security officers as well as others charged with securing their organizations' IT systems – has been revised by the National Institute of Standards and Technology. NIST Tuesday issued SP 800-53A, Revision 1, Guide for Assessing the Security Controls in Federal Information Systems and [...]

Auditors Fault GSA Travel System Security

Federal auditors have criticized the security and design of a General Services Administration e-travel system, suggesting changes to it as part of a yearly review of the agency's IT process. In the Office of the Inspector General's semiannual report to Congress, auditors said that the GSA's implementation of the E2 Solutions travel management system has [...]

New Policy Revamps Agencies’ Approach To FISMA Compliance

The White House issued new cybersecurity marching orders to government agencies Wednesday, which top officials say will help redirect government efforts from wasteful paperwork compliance toward continuous monitoring and patching and more effective cybersecurity spending. … Agencies have been spending as much as $1,400 per page on those reports under requirements of the Federal Information [...]

OCR sets rules for sharing HIPAA breach information – FierceEMR

In a notice published Tuesday in the Federal Register, OCR spells out ways in which it will use information reported via a computer system called the Program Information Management System. The American Recovery and Reinvestment Act tightens HIPAA regulations to require healthcare organizations to report breaches that may cause direct harm to the affected patients. [...]

CloudAudit targets automated risk assessment, management

CloudAudit, launched in January 2010, brings together cloud computing providers, integrators and consultants in an effort to create a common interface and namespace. The volunteer initiative aims to help with an automated risk assessment and audit of Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) or Infrastructure-as-a-Service (IaaS) environments. via Q&A: CloudAudit targets automated risk assessment, management.

Company says 3.3 million student loan records stolen

Data on 3.3 million borrowers was stolen from a nonprofit company that helps with student loan financing. The theft occurred on March 20 or 21 from the headquarters of Educational Credit Management Corp. (ECMC), which services loans when student borrowers enter bankruptcy. The data was contained on portable media, said the organization, which is a [...]