13 essential steps to integrating control frameworks – CSO Online
The organization must understand which frameworks or framework elements are needed to address, at a minimum, the critical security concerns. When addressing control requirements, more is not necessarily better, and each additional control entity represents an investment in time, money, and effort. Choose a base framework to use. An organization should identify a [...]
OMB Completes HIPAA Rules Review
The Office of Management and Budget (OMB) has finished its review of proposed rules related to changes to HIPAA privacy and security rules, meaning the rules could hit the streets this week. The OMB reports that it has concluded its regulatory review of the rules HHS sent in April. via OMB Completes HIPAA Rules Review.
Comply And/Or Die: Conforming With Multiple Regulations — Compliance — InformationWeek
… When we asked the 379 respondents to our InformationWeek Analytics survey on regulatory compliance how many requirement sets their organizations are addressing, the No. 1 answer was four or more, at 35%. via Comply And/Or Die: Conforming With Multiple Regulations — Compliance — InformationWeek.
New proposed regulations in the US #Compliance #GRC
New legislation continues to pass at a fast clip in the US under the new administration. Some of the most revealing actions taken so far include: May 20, 2009 – President Obama signed the Fraud Enforcement and Recovery Act of 2009. June 12, 2009 – United States Congressman Gary Peters introduced his Shareholder Empowerment Act [...]
SAS 70 audits and PCI DSS: Four critical keys for cost-effective compliance
SAS 70 audits and PCI DSS assessments are fast becoming two of the most widely recognized and “must have” compliance initiatives for many businesses in today’s growing regulatory environment. Sarbanes-Oxley, HIPAA, and other federally mandated legislative acts have pushed Statement on Auditing Standards No. 70 (SAS 70) into the forefront of compliance. Similarly, the [...]
Unseen communications violate PCI DSS compliance | OUT-LAW.COM
One of the key requirements for compliance with PCI DSS (the Payment Card Industry Data Security Standard) is that organisations block all non-approved channels of communication, screen all traffic and prohibit direct routes for inbound and outbound internet traffic. The trouble is that many organisations forget about the communication traffic they cannot see, ones that use [...]
International Challenges in PCI Security | ITworld
December 9, 2008, 01:01 PM — CSO — In a country that’s seen many regulatory compliance challenges this decade, the headaches of PCI security tend to be analyzed from a largely American perspective. In the process, companies tend to forget that PCI compliance has been a recipe for international indigestion. “Remember that credit cards are [...]
How to Maximize Your IT Security Budget
Sophisticated cybercriminals have followed businesses into the online world; they can now steal everything from intellectual property to credit cards en masse. And that’s just the start. Add social security numbers, addresses, and other personally identifying information to the list and you can essentially reconstruct and hijack entire identities. What’s worse is that cybercriminals [...]
The Forrester Blog For Security & Risk Professionals
Thomson Reuters Gets A Jump On Holiday Shopping, Acquires Paisley Keep an eye out in the next week for Forrester’s GRC Trends 2009 report, which will take a look at how a decidedly rocky end of 2008 will impact those responsible for various aspects of corporate governance, risk management, compliance, audit, and finance… [...]
CISOs ponder new FISMA requirements
A bill that would amend the Federal Information Security Management Act (FISMA) could pass during the next session of Congress, and chief information security officers are wondering what more FISMA requirements might mean for them. Legislation to amend the current FISMA requirements cleared the Senate Homeland Security and Governmental Affairs Committee earlier this year. The [...]