GRC goes into the Cloud – Express Computer
eGestalt has announced the availability of SecureGRC, a solution that provides an end-to-end integration of security monitoring with IT-Governance, Risk Management and Compliance (IT-GRC) management solutions using a cloud-based delivery model. via GRC goes into the Cloud – Express Computer.
SEC Approves Enhanced Disclosure About Risk, Compensation and Corporate Governance
In particular, the new rules require disclosures in proxy and information statements about the relationship of a company’s compensation policies and practices to risk management. via Press Release: SEC Approves Enhanced Disclosure About Risk, Compensation and Corporate Governance; 2009-268; Dec. 16, 2009.
ISO 31000 Risk management
By now, many of you have read the newly released ISO 31000 Risk management — Principles and guidelines standard. (Others may have seen its release draft or be familiar with its predecessor the AS/NZS 4360 standard.) It provides a well-written, step-by-step guide to risk management processes that can be applied to whole organizations, or any [...]
ISACA to host IT security conference in Las Vegas
The role of the IT security professional has expanded from securing an enterprise’s information to also managing the associated risk. ISACA has responded by offering the new Information Security and Risk Management Conference, which combines the most timely material from two of ISACA’s well-regarded security-related conferences. ISACA, a nonprofit association serving 86,000 IT governance professionals, [...]
Is IT Risk Management Compatible With ERM?
But in spite of these warnings, my conversations with enterprise risk and IT risk professionals still reveal many disconnects, including that IT risks are not measured consistently with other enterprise risks. In addition, many IT risk professionals do not see their biggest risks showing up on the corporate risk register. via The Forrester Blog For [...]
PCI DSS Incident Response: The Legal Perspective #PCI
The SANS Institute InfoSec Reading Room recently published an article by Christian J. Moldes entitled PCI DSS and Incident Handling: What is required before, during and after an incident. Moldes’ whitepaper is a good starting point for developing an incident response plan to address payment card security breaches. The paper hits upon the key aspects [...]
InfoSecCompliance.com – Technology, Privacy and Security Law & Risk Management: PCI Service Provider Contracting
One of the key areas I get involved in is service provider relationships, and in particular section 12.8 of PCI and service provider contracts. There are many aspects of 12.8 (and its subsections) that are potentially ambiguous and open to interpretation, but this particular article is not going to focus on those. This post concerns [...]
American Recovery & Reinvestment Act Significantly Impacts HIPAA – Mayer Brown – 14/03/2009
United States: American Recovery & Reinvestment Act Significantly Impacts HIPAA. 14 March 2009. Article by Debra Bogo-Ernst, Rebecca Eisner, Jeffrey P. Taft, and A. John P. Mancini. Originally published March 12, 2009. Keywords: American Recovery & Reinvestment Act, ARRA, Health Insurance Portability and Accountability Act, HIPAA, HITECH Act, Covered Entities, Business Associates, direct liability. The [...]
NIST releases draft guidelines for FISMA compliance
The National Institute of Standards and Technology (NIST) on Thursday released new guidelines to help federal agencies comply with the Federal Information Security Management Act (FISMA). The document, titled “Recommended Security Controls for Federal Information Systems and Organizations,” is in its third revision, but this is the first major update since its initial publication in [...]
Palo Alto Networks Hosting Webinar with Forrester on PCI Audit Process
Jan 29, 2009 (Close-Up Media via COMTEX) – Palo Alto Networks will host a webinar with Forrester Research Security and Risk Management Analyst, John Kindervag on Tuesday, February 10 at 10 a.m. PST, 1 p.m. EST. PCI audits are often daunting, both in scope of effort and associated costs, and this informative webinar will review [...]