Tag Archives: management

GRC goes into the Cloud – Express Computer

eGestalt has announced the availability of SecureGRC, a solution that provides an end-to-end integration of security monitoring with IT-Governance, Risk Management and Compliance (IT-GRC) management solutions using a cloud-based delivery model.

via GRC goes into the Cloud – Express Computer.

PCI DSS Names New Chair

On Jan 25th, the PCI Security Standards Council, a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) Security Requirements and the Payment Application Data Security Standard (PA-DSS), announced that Bruce Rutherford, group head, fraud management solutions, payment system integrity, MasterCard, has been appointed as the new chairperson of the PCI Security Standards Council. Rutherford will steer the Council as it works with industry stakeholders to create and release new standards in 2010.

via PCI DSS Names New Chair – DarkReading.

PCI Security Standards Council Launches Global Website with New Resources in Eight Languages | SYS-CON INDIA

Today, the PCI Security Standards Council (PCI SSC), a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) Security Requirements and the Payment Application Data Security Standard (PA-DSS), announced the launch of a new PCI SSC micro site, providing resources to secure payment card data in eight languages.

via PCI Security Standards Council Launches Global Website with New Resources in Eight Languages | SYS-CON INDIA.

SEC Approves Enhanced Disclosure About Risk, Compensation and Corporate Governance

In particular, the new rules require disclosures in proxy and information statements about:

* The relationship of a company’s compensation policies and practices to risk management.

via Press Release: SEC Approves Enhanced Disclosure About Risk, Compensation and Corporate Governance; 2009-268; Dec. 16, 2009.

OMB, NIST release draft of new FISMA metrics

The National Institute of Standards and Technology and the Office of Management and Budget are proposing 11 new performance metrics to guide agencies in how they measure their computer network security.

via Federal News Radio 1500 AM: OMB, NIST release draft of new FISMA metrics.

ISO 31000 Risk management

By now, many of you have read the newly released ISO 31000 Risk management — Principles and guidelines standard. (Others may have seen its release draft or be familiar with its predecessor the AS/NZS 4360 standard.)

It provides a well-written, step-by-step guide to risk management processes that can be applied to whole organizations, or any part thereof. So far, it has received well-deserved praise for its surprising brevity and consolidated value. These are especially important characteristics for a document with as lofty a goal as standardizing what it calls “an integral part of all organizational processes.”

via The Forrester Blog For Security & Risk Professionals.

SSA should keep a close eye on computer access, IG says — Federal Computer Week

The Social Security Administration needs to be more vigilant in controlling employees' access to the agency's systems, according to a new audit.

The auditors examined SSA’s compliance with the Federal Information Security Management Act (FISMA) in fiscal 2009. Overall, the agency passed the test, generally fulfilling federal requirements, according to the audit released by SSA Inspector General Patrick O’Carroll.

via SSA should keep a close eye on computer access, IG says — Federal Computer Week.

State Department FISMA report is 95,000 pages

Every three years, agencies submit reports to the Office of Management and Budget documenting their inventory of network security vulnerabilities and the steps they’re taking to fix them.

The detailed reports — typically produced at a cost of tens of millions of dollars — often fill dozens of binders; the State Department’s last report was 95,000 pages.

John Streufert, State’s chief information security officer, printed one last month to bring to a Senate hearing. It took four days to print. “And it was outdated by the time I finished printing it,” he said.

via State Department – FederalTimes.com.

Vivek Kundra: Cybersecurity dashboard on its way

The Cyberscope system, a new tool released by the Office of Management and Budget that allows federal agencies to report FISMA compliance through authenticated web-based reporting, is a step in that direction. "We're moving from a manual, reporting-based, compliance-focused approach to a real-time measurement of actual cybersecurity," said Kundra of the "Cyberscope" system that debuted in October. "You cannot address real-time threats with a solution that's focused on reporting requirements on a quarterly basis."

via ExecutiveBiz Blog: Vivek Kundra: Cybersecurity dashboard on its way.

Automated FISMA Reporting Tool Unveiled

The Office of Management and Budget this month unveiled an interactive collection tool called CyberScope that should help agencies fulfill their IT security reporting requirements under the Federal Information Security Management Act.

via Automated FISMA Reporting Tool Unveiled.