Compliance

Solid state: A new state data breach regulation

Greg Masters March 01, 2010

A new privacy regulation in Massachusetts evokes anxiety for many, but getting in line may prove to be no big deal, reports Greg Masters.
 

Forty percent using compensating controls to meet PCI

Dan Kaplan March 01, 2010

Forty-one percent of merchants are relying on compensating controls to meet Payment Card Industry Data Security Standard (PCI DSS) requirements, according to a survey released Monday by the Ponemon Institute and commissioned by encryption firm Thales. The survey polled 155 qualified security assessors, who are charged with confirming a company's adherence to PCI. Compensating controls "may be considered for most PCI DSS requirements when an entity cannot meet a requirement explicitly as stated, due to legitimate technical or documented business constraints," according to the PCI Security Standards Council. — DK
 

Is increased government regulation the answer to increased privacy protection?

Glen Kosaka, director of marketing, Trend Micro February 25, 2010

Data breaches involving privacy information continue to increase despite the costs, embarrassment and negative publicity associated with them.
 

Security spending, DLP projects to increase

Angela Moscaritolo February 23, 2010

Information security budgets will get a boost at many organizations in 2010, according to a study released Tuesday by IT research company TheInfoPro. The study, based on interviews of 259 security decision makers at Fortune 1000 and mid-size organizations, found that 40 percent of enterprises are planning to increase their 2010 security budgets. Data leakage prevention topped the list of projects planned for 2010, followed by identity management and compliance initiatives. — AM
 

Six years later, CAN-SPAM Act leaves spam problem unresolved

Martin Lee, senior software engineer, Symantec Hosted Services February 16, 2010

In 2004 at the World Economic Forum, Bill Gates proclaimed: "Two years from now, spam will be solved." Six years later there is no indication that the spam problem will ever be solved. So what went wrong?
 

Change is constant - so is compliance

Jonathan Sander, IAM/Security analyst, Quest Software February 16, 2010

Organizations must reconsider how they respond to compliance requirements.
 

Solutionary teams up with Singapore-based e-Cop

February 01, 2010

Solutionary, provider of managed security services, has teamed up with Singapore-based e-Cop to offer a suite of security and compliance services. The companies will offer customers common security monitoring, management and compliance services and in-country support in more than 20 languages.
 

Trustwave, Symantec make acquisitions

Angela Moscaritolo January 12, 2010

Compliance management vendor Trustwave announced on Tuesday the acquisition of data encryption vendor BitArmor. Trustwave plans to integrate BitArmor's file- and full-disk encryption technology into its current data leakage prevention and endpoint security solution to help clients comply with regulations that are increasing the demand for encryption. Meanwhile, Symantec on Tuesday announced plans to buy Gideon Technologies, provider of IT risk automation, to better serve public-sector customers. Terms of both deals were not disclosed. — AM
 

The death of security assessments?

Steve Dauber, vice president of marketing, RedSeal Systems January 08, 2010

After breaches such as at Heartland Payment Systems, the time may have come for organizations to stop relying on security assessments in favor of potentially more effective risk management tactics.
 

EMC buys Archer Technologies for GRC tools

Dan Kaplan January 04, 2010

EMC on Monday acquired arguably the most successful pure-play GRC provider, Archer Technologies.
 

Recognizing the payment industry achievements of 2009 and looking ahead

Lib de Veyra, chairman, PCI Security Standards Council December 02, 2009

The chairman of the PCI Security Standards Council shares his thoughts on the payment industry's 2009 successes and looks forward to what is on the horizon to ensure the protection of credit card information.
 

Breached restaurateurs suing point-of-sale provider

Angela Moscaritolo December 02, 2009

The restaurants, located in Louisiana and Mississippi, are seeking millions of dollars in damages from Georgia-based point-of-sale vendor Radiant Systems and its distributor Computer World.
 

Compliance 2010: Turning regulatory lemons into compliance lemonade

John Capobianco, president and CEO, Lumigent Technologies November 24, 2009

Looking into my crystal ball for 2010, it looks like more companies will be making the most of a difficult regulatory situation.
 

Mass. data law finalized

Dan Kaplan November 06, 2009

The Massachusetts Office of Consumer Affairs and Business Regulation this week filed a finalized version of its data security regulations, scheduled to take effect March 1, 2010. The requirements must be followed by companies handling the personal data of Bay State residents. The final version clarifies the deadline by which companies must impose the provisions on their third-party providers. Existing contracts with these third parties must include safeguard rules by March 1, 2012, but new or updated contracts must meet the March 1, 2010 deadline. — DK
 

FTC allows eight more months for Red Flags compliance

Dan Kaplan November 02, 2009

Enforcement of the Red Flags Rules has been put off again -- this time until next summer, at the request of Congress.
 

New ID theft rules may not pertain to small businesses

Angela Moscaritolo October 22, 2009

A new bill, passed unanimously by the U.S. House of Representatives this week, would exclude health care, accounting and legal firms with 20 or fewer employees from complying with the Red Flags Rules.
 

Visa creates guidance for merchants wanting to encrypt

Dan Kaplan October 05, 2009

Visa has taken a leading role in establishing best practices for end-to-end encryption implementation.
 

PCI Council examines merits of new technologies

Dan Kaplan September 25, 2009

Merchants, desiring an easier path to PCI compliance, may soon be encouraged to consider a number of nascent technologies that can help protect cardholder data.
 

Privacy groups blast new health care notification rule

Angela Moscaritolo September 22, 2009

Privacy advocates are questioning a provision of the new health care breach notification rule, which states that organizations only need to alert victims if they believe disclosure of the information "poses some harm."
 

Merchants encouraged to crack down on skimming

Angela Moscaritolo August 25, 2009

The organization charged with administering credit card security guidelines is offering tips to avoid "skimming" attacks.
 

Small businesses largely not PCI compliant

Angela Moscaritolo August 12, 2009

Though 83 percent of small businesses are familiar with the PCI DSS, just 62 percent are compliant, according to a recent survey.
 

Energy companies say NERC standards inadequate

Angela Moscaritolo August 05, 2009

Updated: Respondents in a recent survey noted a number of issues with NERC's cybersecurity standards, including ambiguity over what they require and a need for further strengthening.
 

Red Flags delay

July 30, 2009

The Federal Trade Commission on Wednesday announced that it will, for the third time, push back the enforcement deadline of the Red Flags Rule, which requires financial institutions and creditors to develop identity theft prevention programs. The new enforcement deadline is Nov. 1. In addition, the FTC will ramp up its efforts to educate small businesses about how to comply because many are still confused about their obligations, the FTC said. — AM
 

IBM buys source-code security firm Ounce Labs

Chuck Miller July 28, 2009

IBM has acquired Waltham, Mass.-based Ounce Labs, a maker of enterprise source-code security testing software systems.
 

The convergence of eDiscovery and eCompliance

Karthik Kannan, VP, marketing and business development, Kazeon July 24, 2009

Due to the confluence of legal and compliance regulations and IT management issues, the perfect ESI storm has emerged -- and with it, the confluence of both eDiscovery and eCompliance.
 

Health care organizations unprepared for digital transition

Angela Moscaritolo July 22, 2009

Most health care organizations do not have data loss prevention technologies or a CISO, while, for many, tight security budgets and required third-party interactions pose additional challenges, according to a new study by Deloitte.
 

Report finds OMB must have bigger role in agency infosec

Angela Moscaritolo July 20, 2009

A new government report claims that U.S. federal government agencies' information security management programs are not approved or disapproved annually, as they should be under the Federal Information Security Management Act of 2002.
 

PCI clarifies procedures to secure Wi-Fi

Angela Moscaritolo July 17, 2009

With a new guidance document, the Payment Card Industry Security Standards Council aims to clarify what retailers must do to secure their Wi-Fi networks.
 

Final settlement reached in CVS HIPAA violation suit

Angela Moscaritolo June 25, 2009

CVS Caremark must implement an information security program and obtain assessments of its effectiveness every other year for 20 years to settle federal charges.
 

FTC releases FAQs on Red Flags Rules

Angela Moscaritolo June 12, 2009

A new frequently-asked-questions document aims to clear up some of the confusion around the Red Flags Rules.