ISACA to host IT security conference in Las Vegas

The role of the IT security professional has expanded from securing an enterprise’s information to also managing the associated risk. ISACA has responded by offering the new Information Security and Risk Management Conference, which combines the most timely material from two of ISACA’s well-regarded security-related conferences.
ISACA, a nonprofit association serving 86,000 IT governance professionals, will [...]

Is IT Risk Management Compatible With ERM?

But in spite of these warnings, my conversations with enterprise risk and IT risk professionals still reveal many disconnects, including that IT risks are not measured consistently with other enterprise risks. In addition, many IT risk professionals do not see their biggest risks showing up on the corporate risk register.
via The Forrester Blog For Security [...]

PCI DSS Incident Response: The Legal Perspective #PCI

The SANS Institute InfoSec Reading Room recently published an article by Christian J. Moldes entitled PCI DSS and Incident Handling: What is required before, during and after an incident. Moldes’ whitepaper is a good starting point for developing an incident response plan to address payment card security breaches. The paper hits [...]

InfoSecCompliance.com – Technology, Privacy and Security Law & Risk Management: PCI Service Provider Contracting

One of the key areas I get involved in is service provider relationships, and in particular section 12.8 of PCI and service provider contracts. There are many aspects of 12.8 (and its subsections) that are potentially ambiguous and open to interpretation, but this particular article is not going to focus on those. This [...]

American Recovery & Reinvestment Act Significantly Impacts HIPAA – Mayer Brown – 14/03/2009

United States: American Recovery & Reinvestment Act Significantly Impacts HIPAA
14 March 2009
Article by Debra Bogo-Ernst, Rebecca Eisner, Jeffrey P. Taft, and A. John P. Mancini
Originally published March 12, 2009
Keywords: American Recovery & Reinvestment Act, ARRA, Health Insurance Portability and Accountability Act, HIPAA, HITECH Act, Covered Entities, Business Associates, direct liability
The American Recovery & Reinvestment Act [...]

NIST releases draft guidelines for FISMA compliance

The National Institute of Standards and Technology (NIST) on Thursday released new guidelines to help federal agencies comply with the Federal Information Security Management Act (FISMA).
The document, titled “Recommended Security Controls for Federal Information Systems and Organizations,” is in its third revision, but this is the first major update since its initial publication in December [...]

Palo Alto Networks Hosting Webinar with Forrester on PCI Audit Process

Jan 29, 2009 (Close-Up Media via COMTEX) –
Palo Alto Networks will host a webinar with Forrester Research Security and Risk Management Analyst, John Kindervag on Tuesday, February 10 at 10 a.m. PST, 1 p.m. EST.
PCI audits are often daunting, both in scope of effort and associated costs, and this informative webinar will review how to [...]

The Forrester Blog For Security & Risk Professionals

Thomson Reuters Gets A Jump On Holiday Shopping, Acquires Paisley

Keep an eye out in the next week for Forrester’s GRC Trends 2009 report, which will take a look at how a decidedly rocky end of 2008 will impact those responsible for various aspects of corporate governance, risk management, compliance, audit, and finance… as well as [...]

PCI’s Post-Audit Pain Points

Those who thought their PCI security challenges would be over after the first passing compliance audit say they continue to be dogged by the same problems that caused pain in the beginning.
For Jennifer Atwell, point-of-sale and communication support manager at Apple Gold Group, log management continues to be a pesky nuisance.
“Log management, while necessary, has [...]

ITWeb: PCI standards must be adopted

By Audra Mahlong, Journalist
[Johannesburg, 26 November 2008] – Symantec has called on South African businesses to widely adopt the Payment Card Industry (PCI) Data Security Standard as a way of improving card security.
Compliance is an essential part of risk management, says Errol Rhoden, IT governance, risk and compliance [...]