Compliance

Final settlement reached in CVS HIPAA violation suit

Angela Moscaritolo June 25, 2009

CVS Caremark must implement an information security program and obtain assessments of its effectiveness every other year for 20 years to settle federal charges.
 

FTC releases FAQs on Red Flags Rules

Angela Moscaritolo June 12, 2009

A new frequently-asked-questions document aims to clear up some of the confusion around the Red Flags Rules.
 

Bank sues Savvis over 2005 CardSystems breach

Angela Moscaritolo May 28, 2009

Utah-based Merrick Bank claims to have lost $16 million as a result of a 2005 breach of payment card processor CardSystems Solutions and is now seeking legal restitution.
 

Study finds IT security pros cheat on audits

Angela Moscaritolo May 27, 2009

IT security professionals might think of auditing as a pain, but some are actually cheating to get audits passed, according to a study released Wednesday.
 

GAO report finds security lagging at federal agencies

Dan Kaplan May 21, 2009

Federal agencies continue to be lax in their implementation of information security programs, according to a new report from the Government Accountability Office.
 

McAfee acquires Solidcore

Angela Moscaritolo May 15, 2009

McAfee today announced the acquisition of dynamic whitelisting vendor Solidcore for approximately $33 million. The acquisition advances McAfee's endpoint security and risk management portfolio. Specifically, Solidcore enables McAfee to now provide security for automated teller machines (ATMs), point-of-sale (POS) systems, multifunction printers (MFPs), supervisory control and data acquisition (SCADA) systems, as well as mobile and other embedded devices. In addition, it will strengthen McAfee's virtualization solutions, the company said in a news release. — AM
 

Cloud computing providers require strong audits

Angela Moscaritolo May 11, 2009

Companies must develop better ways of evaluating the security and privacy practices of the cloud services they utilize, according to a report by Forrester released Friday.
 

Heartland again PCI compliant

Dan Kaplan May 01, 2009

Breached payment card processor Heartland Payment Systems has again been certified compliant with the Payment Card Industry Data Security Standard (PCI DSS), the company announced Friday. In March, two months after the breach was disclosed, Visa removed Heartland from its list of compliant service providers. Some experts questioned whether the removal meant merchants risked being fined for doing business with Heartland, but Visa issued a statement saying this was not true. Heartland said it expects to rejoin the Visa-approved list on Monday. — DK
 

PCI DSS compliance: You can't just check the boxes

Brian Eberhardy, senior consulting engineer for SenSage May 01, 2009

Recent breaches at organizations that were certified as PCI DSS compliant continue to prove that compliance does not eliminate the risk of a data breach.
 

RSA: The fundamental challenge of security versus privacy

Angela Moscaritolo April 22, 2009

A fundamental tension exists in balancing individual privacy rights and the collective right to security, Gary McGraw, CTO of application security vendor Cigital, said at the RSA Conference Tuesday.
 

How the recession is affecting IT spending

Angela Moscaritolo April 20, 2009

Despite the financial crisis, companies are still putting forth money for IT security efforts while overall IT spending is less of a priority, according to a new survey conducted by strategy and business advisory firm MetroSITE Group and Pacific Crest Securities, a technology investment bank.
 

Lumension takes Securityworks

Angela Moscaritolo April 20, 2009

Endpoint security solutions vendor Lumension announced on Monday its acquisition of Securityworks, an IT security, risk and compliance solutions vendor. The acquisition will enable Lumension to help organizations improve their overall security and risk posture, optimize IT resources, increase operational efficiency and reduce the cost and complexity of demonstrating compliance, the company said in a news release. The IT governance, risk management and compliance (GRC) software market is expected to grow from $590 million in 2006 to $1.3 billion by 2011, according to Forrester Research. — AM
 

Be careful with the Rockefeller-Snowe bill

Luther Martin, chief security architect, Voltage Security April 16, 2009

Some parts of the Rockefeller-Snowe bill make sense, while other parts may cause unexpected consequences.
 

SANS report shows security logs no longer "geek toys"

Chuck Miller April 07, 2009

Organizations use security log data to a greater extent than ever before, according to the 2009 Annual Log Management Survey from the SANS Institute.
 

Heartland: Visa won't fine you for doing business with us

Dan Kaplan March 24, 2009

As Heartland works to become compliant again with the PCI standard, Visa plans to hold off on issuing fines.
 

Insecure smart grid technology could result in utility attacks

Dan Kaplan March 23, 2009

Development of the smart grid faces a number of uphill climbs -- such as customer adoption and interoperability -- but security could prove one of the most difficult tasks.
 

Visa risk chief: Reports of PCI's death exaggerated

Dan Kaplan March 19, 2009

Criticisms of the PCI DSS will hurt the security of payment systems, Visa's chief risk officer said Thursday at the card brand's Security Summit in Washington, D.C.
 

Visa: Heartland, RBS WorldPay no longer PCI compliant

Dan Kaplan March 13, 2009

Visa has removed Heartland Payment Systems and RBS WorldPay -- two payment processors that have announced massive data breaches in recent months -- from its list of service providers compliant with payment industry guidelines.
 

How should you ensure PCI DSS compliance?

Gretchen McCoy, Senior VP of the Technology Management Division for Visa International, Retired; Strategic Advisory Board member, Rohati Systems March 09, 2009

Most IT professionals know that firewalls and anti-virus solutions aren't the only technologies needed to address the PCI Council's mandates.
 

Background investigator settles with FTC over ID theft

Greg Masters March 05, 2009

An organization that sells consumer information, including names, Social Security numbers, credit card numbers and credit histories, has settled Federal Trade Commission charges that it failed to properly screen potential customers, leading to the sale of at least 318 reports to ID thieves.
 

Group unveils first-of-its-kind standard to secure patient data

Dan Kaplan March 02, 2009

An unprecedented health care common security framework seeks to raise patient trust, while enabling organizations to more effectively meet compliance mandates -- especially as they move toward electronic records.
 

PCI council offering "milestones" for compliance

Dan Kaplan February 27, 2009

The PCI Security Standards Council next week plans to release guidance on how companies should approach complying with the payment security requirements.
 

Netezza buys Tizor

Dan Kaplan February 26, 2009

Netezza, makers of data management products, has acquired database auditing and monitoring firm Tizor Systems for $3.1 million, according to a filing with the federal Securities and Exchange Commission. The deal will enable Netezza users "to track, store and perform forensic analysis" to help them more readily meet compliance demands, the company said in a release. — DK
 

Visa confirms another payment processor breach

Dan Kaplan February 23, 2009

Visa has confirmed that yet another payment processor has been hit by hackers.
 

Data protection lawyer appointed to lead DHS privacy efforts

Dan Kaplan February 19, 2009

A lawyer specializing in data security has been appointed chief privacy officer at the U.S. Department of Homeland Security.
 

CVS to pay $2.25 million to settle HIPAA violation

Dan Kaplan February 18, 2009

CVS Caremark has agreed to pay nearly $2.3 million for violating federal privacy laws regarding the protection of patient information.
 

NetForensics buys High Tower

Dan Kaplan February 17, 2009

NetForensics on Monday announced it has acquired High Tower Software, formerly a competitor that provided log management solutions to mid-size businesses. The deal -- terms of which were not disclosed -- enables netForensics and its managed security services provider (MSSP) partners to provide security compliance offerings throughout the lifecycle, including security information and event management, database activity monitoring and log management. High Tower reportedly had closed in November due to poor sales. — DK
 

CASE STUDY: Stock Yards Bank & Trust

Greg Masters February 13, 2009

A biometric solution helps Stock Yards Bank & Trust manage passwords and aids in compliance efforts.
 

Massachusetts data security law compliance extended

Dan Kaplan February 12, 2009

The deadline to comply with the stringent Massachusetts data security regulations, which mandate the encryption of all portable devices, such as laptops, has been extended from May 1 until Jan. 1, 2010.
 

Regulations can provide much-needed relief for security professionals

Mike Lloyd, chief scientist, RedSeal Systems February 12, 2009

When security needs are stated in terms of achieving a compliance requirement, management is far more likely to listen.