Can-spam Law – How to Deliver an Effective Email Marketing Campaign and be
2012-01-26 11:31:00 by Andrew Huff Do you receive lots of junk email messages from people you don’t know? It’s no surprise if you do. As more people use email, marketers are increasingly using email messages to pitch their products and services. Some consumers find unsolicited commercial email – also known as “spam” – annoying and time consuming; ...
Achieving Efficient Governance, Risk and Compliance (GRC) for Financial Ser
2009-09-23 09:00:00 Now more than ever, financial institutions are struggling to comply with regulations and manage the risks and penalties of failing to operate within the rules. Establishing, maintaining and proving compliance requires both money and time that executives would rather invest in top-line growth. The myriad of procedures, tasks, and behaviors that bear upon compliance can be overwhelming. Yet financial institutions that can master the management of all of these activities—and demonstrate that they have done it—operate more efficiently, compete more effectively, and build their brands and good names in the marketplace. Fortunately, newly available software platforms that have become known as Governance, Risk, and Compliance (GRC) technologies can help. This white paper discusses the drivers behind the growing awareness of GRC information technology and introduces the elements of an effective automated GRC system.
Ellisys is Official Tools Provider for UWB Platform Certification
2009-09-22 21:25:00 Ellisys has been selected as the sole official provider of protocol-level certification test tools for WiMedia-based Ultra Wideband (UWB) platform. (via Press Release from Ellisys – September 21, 2009) Geneva, Switzerland – Ellisys, a worldwide leader in protocol test and analysis solutions, today announced that it has been selected as the sole official provider of protocol-level certification test ...
Compliance And Control Wins The Day With Type 1 Diabetes!
2009-09-21 16:56:00 Back in mid July I started working on a life insurance case for a young man with type 1 diabetes. He had already discovered how easy it is to find a company to decline him, but the picture he painted was not one that led to a logical decline. He had the same strikes against him ... Post from: Ed Hinerman On Life Insurance
Getting started with security compliance for virtualization
2009-09-02 02:00:00 VMworld 2009 has been buzzing with an infectious energy since it opened this week. One can see the very visible and strong effect that virtualization is having on the entire IT industry. The emergence of virtualization as a major mainstream paradigm across datacenters has spawned a rich ecosystem of vendors and technologies that secure and manage virtualization.
Part-Time Compliance
2009-08-26 02:00:00 I recently found myself once again discussing the concept of real-time compliance reporting with a customer. Nothing was terribly unusual about this, except in this case I took a pragmatic position, and the customer voiced a decidedly idealist perspective. The genesis of the conversation was an exercise to define what compliance meant to the customer and how they would ideally like to assess adherence to regulatory requirements.
PCI Compliance and Virtualization: Feedback from QSAs
2009-04-22 02:00:00 So the RSA Conference is off to great start. It’s definitely one of my favorite times of the year given the tremendous amount of information security interest and expertise in one place.
PCI DSS Compliance and Virtualization: Guidance Needed
2009-04-16 02:00:00 Earlier this week, I was meeting with a customer, discussing how some of the strategic IT projects they are undertaking in 2009 would impact their efforts around PCI DSS compliance. This customer is a manufacturer for the consumer market and is classified as a Level 1 Merchant. Like many organizations in today’s environment, their overarching goal in 2009 is “doing more with less.”
PCI Compliance: SIEM
2009-03-09 01:00:00 During a recent customer meeting, I was asked to highlight key capabilities necessary to satisfy PCI’s Security Information and Event Management (SIEM) requirements. I explained to the customer that if their goal was merely to meet PCI Requirement 10, the solution used here – either purchased, outsourced or home grown – must possess a modest set of baseline capabilities. Some of these include enabling audit trails, reconstructing simple events, and securely storing audit trails for at least a year.
PCI Compliance: A Prioritized Approach
2009-03-04 01:00:00 On March 3, 2009 the PCI Security Standards Council announced a new resource to promote adoption of the PCI DSS. According to the Council, the “Prioritized Approach” provides six security milestones that will help merchants and other organizations incrementally protect against the highest risk factors and escalating threats while on the road to PCI DSS compliance. As I previously mentioned, this announcement has been anticipated since the 2008 Council Meetings.
Compliance. Compliance. Compliance.
2009-02-13 11:00:00 In recent years, the financial sector has undergone a significant ethical revolution that has transformed the industry. Measures promoting market integrity and respect for ethical principles are repeatedly mentioned in the media, with a particular emphasis on the fight against money laundering and terrorist financing. This growing movement has highlighted the importance of effective internal ...
PCI Compliance: The end game or just a starting point?
2009-02-09 01:00:00 As I am sure many of you have heard, Heartland Payment Systems recently disclosed that it suffered a credit and debit card data breach in 2008. At this point, little is known beyond the announcement that “after being alerted by Visa® and MasterCard® of suspicious activity surrounding processed card transactions, Heartland enlisted the help of several forensic auditors to conduct a thorough investigation into the matter...
USTR Report On China's WTO Compliance. This Is What The Damn Thing Sa
2009-01-27 07:26:00 The other day I did a post on the United States Trade Representative Office's (USTR) release of its report on China's compliance with World Trade Organization (WTO) rules. The report is a daunting 115 pages and at the time we wrote about it, in our post entitled, "USTR Releases Its Report On China's WTO Compliance. Will Someone Please Read The Damn Thing?" we had not read it, nor could we find anyone online who had. I am happy to report that Experience Not Logic has read it and commented on it, and so if you are interested in learning the gist of it without having to read it yourself, I urge you to read its post, entitled, USTR on China's WTO Compliance: Damn Thing in a Nutshell. For those wanting to read the report in its entirety, it can be found [in pdf] by clicking here.
By: China Law Blog
USTR Releases Its Report On China's WTO Compliance. Will Someone Plea
2009-01-21 06:52:00 Professor Clarke at the Chinese Law Prof Blog did a post linking over to the United States Trade Representative Office's just released report to Congress on China's compliance (and non-compliance) with its WTO obligations. It consists of 115 pages and Professor Clarke states that he has no comments because he has not read it yet. I have not read it yet either and so I would love to hear from anyone who has (or does). The full report can be found [in pdf] by clicking here.
By: China Law Blog
The three big buckets of compliance, and why SIEM is important to all of th
2009-01-12 01:00:00 Too often we vendors go to clients and talk about compliance, and then throw up a slide showing an alphabet soup of regulations and standards, with no context about what they mean or how their product can help. Not only is it confusing, it shows a lack of understanding to customers, who are generally well educated about what these regulations and standards mean. I know this is basic stuff, but it's useful to recap once in a while.
PCI Compliance: Customer's frequently asked questions
2009-01-07 01:00:00 Over the past few weeks multiple merchants, banks and service providers have asked me the following three questions. Since there seems to be some confusion, I figured I’d post a short FAQ...
Blogging DON'T
2009-01-04 19:03:00 In addition to the blogs I typically read, I use Google.com/ALERTS to keep me apprised whenever any blog or article uses a phrase I’d be interested in (e.g., “practice marketing”): Often these two lists overlap. Case in point, this morning I read a great post by Kevin O’Keefe who writes the “Real Lawyers Have ...
vacutainer requirement in order to meet GMP compliance
2008-12-25 16:29:00 Hello, Merry Christmas. Thanks for the response on the vacutainer. May I have the information regarding the level of control in manufacturing assembly when the tube and the cap are being assembled? Is it compulsory to do it in a clean room? If so, how deep is the control of particle risk... 10k, 100k or 1oo,oo
PCI Compliance: Visa Announces Global Deadlines
2008-11-18 01:00:00 In response to the complex and global threats faced by the cardholder ecosystem, Visa Inc recently announced worldwide deadlines for PCI DSS Compliance. "Compliance with PCI DSS is vital to ensuring the integrity of the global payments system," said Eduardo Perez, head of global data security, Visa Inc. "Aligning compliance programs across the Visa regions is the latest step in our commitment to safeguarding cardholder data."
Office Privacy Systems – HIPAA Compliance
2008-11-17 08:35:00 Your source for the famous Marpac SleepMate 980 Sound Conditioner.
By: BlogMemes
Welding Machine Calibration to conform compliance with approved WPS
2008-11-11 15:27:00 Dear Friends, I would appreciate it if anyone can guide me to prepare a control sheet.
Facing Year-End Deadlines for PCI Compliance?
2008-10-29 01:00:00 As I was listening to the review of PCI DSS 1.2 at this year’s annual PCI Community Meeting (click here for a recap of the event), a QSA stepped up to one of the many microphones scattered throughout the audience. Rather than asking a question, he explained that many midsized merchants have reasonably large and complex environments, yet lack the internal resources required to evaluate, procure and implement the enterprise-class security controls needed for PCI DSS compliance. The QSA then asked the Council if they would recommend a specific set of actionable technology recommendations to help these organizations in their efforts...
The 5 'P's of Security and Compliance
2008-10-24 02:00:00 I have the good fortune to be able to talk to a lot of different customers about their security and compliance efforts, and in the process I learn a lot about what works and what doesn't. I also have the benefit of over 27 years’ experience in the IT industry, which means I've seen (and yes, made) pretty much every kind of mistake that can happen. But the one thing that always strikes me the hardest is that we keep making the most basic mistake over and over again, and, as you would expect, the results are inevitably the same. The mistake I'm referring to is ignoring the 5 'P's - Proper Planning Prevents Poor Performance...
PCI Compliance
2008-10-08 10:21:00 WebAsyst web servers successfully passed PCI Compliance certification by McAfee. This guarantees that all WebAsyst accounts (you.webasyst.net) are hosted on a secure server platform, where all your data and transactions are safe and protected from fraud. The PCI DSS is a set of comprehensive requirements for enhancing payment account data security, which was developed by the PCI Security Standards Council, VISA, MasterCard, American Express, Discover and other financial institutions. More information about WebAsyst web servers security.
By: WebAsyst Blog
The Virtues and Dangers of Security and Compliance
2008-09-29 02:00:00 Last week I made a flying visit to NYC to appear on a panel at Interop with John Pironti of Getronics, Khalid Kark of Forrester, Jennifer Mack of the PCI Standards Council and Jim Routh of DTCC. The subject was "Security By Compliance - A Discussion of Information Risk Management's Greatest Challenge".
Breaking Down the Walls of Compliance Challenges
2008-09-16 02:00:00 Compliance, Compliance, Compliance. It’s the word that’s on everybody’s lips in the security industry these days. Companies of all shapes & sizes are spending big bucks to ensure compliance, but what are they trying to be compliant to? Regulatory issues, legal issues, internal policies & procedures or all of the above??? Unfortunately, trying to be compliant in any of these areas brings challenges but there are some ways to make it a little easier...
Southeast Asia: Perspectives on Compliance
2008-09-03 02:00:00 This past weekend, I left Southeast Asia after a week-long trip to Bangkok, Singapore and Manila. The week was spent in back-to-back meetings with customers and our local sales teams, and the majority of our discussions centered on PCI DSS and compliance in general. One clear takeaway: Compliance is one of THE growing areas of concern for businesses in the region. I found the degree to which customers in the region were concerned about compliance to be a bit of a surprise. I say 'surprise' because I often hear that compliance isn't as much of an issue outside of the U.S. From what we're seeing, though, the regulatory environment in non-U.S. geos, including Southeast Asia, is becoming more complicated...
PCI Compliance: Reaction to the Summary of Changes
2008-08-19 02:00:00 On August 18 the PCI Security Standards Council formally announced (http://www.pcisecuritystandards.org/pdfs/08-18-08_2.pdf) forthcoming changes to the Payment Card Industry's Data Security Standard (PCI DSS) as it moves from version 1.1 to version 1.2 in October 2008. The release represents the first major update since September 2006. What's my take on the summary of changes? Most merchants will be pleased to see that these are relatively minor changes...
Proactive Education: Remedying the 'Strain' of Compliance
2008-08-08 02:00:00 A recent survey confirmed that internal threats continue to grow and to represent a challenge to organizations' security postures. It revealed that, in scans of 100,000 PCs and servers in many industries: 12% of infected computers had a missing or disabled anti-virus program, 10.7% had unauthorized personal storage such as USB sticks or external hard drives, 9.1% had unauthorized peer-to-peer (P2P) applications installed, 8.5% had a missing 3rd party desktop agent, 2.6% had unprotected shared folders, 2.2% had unauthorized remote control software, and 2% had missing Microsoft service packs. These results continue to resonate with the conclusions of the CSI FBI survey that reported in 2007 that internal threats have now outpaced viruses in terms of risk to organizations...
PCI Compliance: Book 'Em!
2008-08-06 15:00:00 On August 5, 2008, federal law enforcement officials announced the indictment of 11 people charged with stealing and selling more than 41 million credit and debit card numbers from nine major US companies. "This is the single largest and most complex identity theft case ever charged in this country," said US Attorney General Michael Mukasey. According to officials, the defendants -- three from the United States, one from Estonia, three from Ukraine, two from China, one from Belarus, and one of unknown origin -- tapped into wireless networks and installed programs that captured card numbers, passwords and account information. The stolen data was then hidden around the globe and sold for profit. This event reflects a growing trend in cyber crime...
PCI Compliance? Let's Talk!
2008-07-31 19:35:00 During a meeting with an RSA customer earlier this week, I was asked a very detailed and pointed question about my interpretation of requirement 3.4. Specifically, the customer was using encryption to render PANs unreadable and wanted to know if their algorithm was indeed classified as "strong cryptography." Really, the customer was interested in making sure this particular encryption algorithm would pass their upcoming PCI audit. While I was happy to voice my opinion, I stressed the critical importance of open and honest communication when it comes to passing an audit and successful PCI compliance in general...
In Security & Compliance, it's all about the 'I'
2008-07-25 02:00:00 Most of us in the security trade work in a group or have a job description that contains (or in some cases, implies) the word 'information' - 'IT Security', 'Information Security', 'Office of the CIO', etc. This naming convention, while a seemingly trivial aspect of our jobs, should really be the primary driver for everything we do. Why? Because virtually everything we do has the ultimate goal of protecting some type of asset that is important to our organization, and that asset is almost always information. This basic truth can be most effectively illustrated by considering what drives the daily requirements of our work - compliance.
Addressing Cost Issues in the Ever-Changing World of Compliance
2008-07-25 02:00:00 We keep hearing from analysts that the cost of compliance should go down each year but unfortunately our customers are telling us the exact opposite. They are continuing to get slammed by new regulations and feel compelled to implement all types of point products & solutions in order to meet immediate needs.
More RSA Compliance Solutions Bloggers
2008-07-03 21:30:00 Please join us in welcoming two more RSA Bloggers. The RSA Compliance Solutions team (which already includes Dave Howell and Brad Davenport) has been joined by Andrew Maloney and John McDonald. Please take advantage of the comments field to get answers to your compliance-related security queries!
Compliance Lacks Control
2008-06-25 08:17:00 The ISA's Automation Standard Compliance Institute is rapidly expanding its resources to include wireless, security, plus ISA88 and ISA95 compliance. That sounds good, but the trouble is, vendor and end-user companies have been asked for huge annual fees ($50,000) to join, so what's to prevent a maj
New RSA Compliance Solutions Bloggers
2008-06-25 02:00:00 Please join us in welcoming a new set of RSA Bloggers. The RSA Compliance Solutions team--including Dave Howell and Brad Davenport--will be penning a set of blog entries for "Speaking of Security" around the theme of Simplified Compliance. Please take advantage of the comments field to get answers to your compliance-related security queries!
Defining "Compliance"
2008-06-25 02:00:00 As part of the RSA Compliance Solutions team I meet with companies all over the world to discuss their security challenges and priorities. Inevitably I spend much of my time discussing ... you guessed it ... compliance. It is eye-opening to see how differently our customers and partners, as well as folks within RSA, define compliance. From what I've seen, most will immediately gravitate towards the notion of meeting the stated or implied security requirements within governmental mandates, such as Sarbanes-Oxley and HIPAA. In addition, "compliance" certainly conjures up images of the PCI Data Security Standard, which isn't surprising considering how many organizations these requirements impact. What we don't tend to see initially is a broader view of compliance...
Security Compliance Management – Solution Accelerator Available
2008-06-07 15:16:00 I wrote about it as we released the Beta. Now, the Solution Accelerator for Security Compliance Management is live and available. It is definitely worth looking at it: Security Compliance Management. Just to quote from the webpage: In today's IT environment, the ability to comply with regulations and industry standards, such as the Sarbanes Oxley Act, is a source of deep concern for many organizations. In addition, organizations need to manage risks resulting from emerging threats and changing conditions within their IT infrastructures. As a result, organizations need sound methods that they can count on to understand the state of the security settings in their IT infrastructures, assess the compliance of a security baseline, and demonstrate that compliance requirements have been met. To help organizations address these challenges, Microsoft has created the Security Compliance Management toolkit. The toolkit provides best practices from Microsoft about how to plan, deploy, and moni...
ESD Compliance
2008-06-06 17:14:00 To fully comply with ESD standards, is it necessary to have painted walkways with ESD paint in your stockroom? And is it also necessary to have the bins painted the same, considering that all product is in ESD packaging?
What does 'PCI Compliance' Really Mean?
2008-06-06 02:00:00 I've just returned from EMC's annual user conference, EMC World. The attendance at the PCI sessions and the related discussion between many of the 9,000 customers and partners in attendance really underscored the progress that's being made with respect to cardholder data security. One of the issues that came up in nearly every conversation I had, in some form or another, was: "What does PCI compliance really mean?" This question brings up two very important concepts....
PCI Compliance: Learning from the U.S. Air Force
2008-06-05 02:12:00 SC Magazine has an interesting piece on PCI compliance (section 6.6) and the author maps it against the US Air Force’s response to web breaches. From SC Magazine: In the spring of 2005, someone broke into a web application for the Assignment Management System of the United States Air Force, and stole 33,000 records. As data breaches ...
Tax Compliance in the EU - A Thorny Issue for Captive Insurers
2008-06-04 08:29:00 The lack of a uniform EU Insurance Premium Tax code is a headache for captive insurers. Finding an efficient solution requires careful consideration.
Web Compliance? It is often simply unbelievable!
2008-05-31 16:56:00 I can’t believe just how many web designers claim that their web sites are compliant with the standards when they are demonstrably not! I’m talking in particular about the World Wide Web (W3C) consortium’s standards for HTML and XHTML. You’ve probably seen their compliance logos proudly displayed on web sites that claim to comply. The standards are exacting and very unforgiving on slips in the code. A particular page either complies or it does not, but this is nothing particularly challenging for a professional discipline that is used to such binary situations. The standards are important for all sorts of reasons, not least because there is a greater chance that more browsers will render the sites as intended, that search engines are more likely to index them properly and that people using less popular browsers because of their disabilities are more likely to be able to access them. There are standards in many different professions ...
Risk and Compliance Solutions Specialist selects DediPower to meet its co-l
2008-05-27 22:40:00 To protect and ensure secure, reliable access to its IT infrastructure
Safety Seminar Tackles Cal/OSHA Compliance on June 13 in Bakersfield
2008-05-25 00:00:00 As part of State Fund Compensation Insurance Fund's Employer Education Series a safety seminar addressing Cal/OSHA compliance will be held in Bakersfield. Open to the public, this event features presentations by State Fund Loss Control staff targeting ways to meet Cal/OSHA compliance.
Single Sign-On (SSO) Legal Compliance
2008-05-21 14:53:00 Some organizations have implemented Single Sign-On (SSO) without properly understanding the legal risks, providing the education to manage those risks, or putting in place the appropriate legal processes and documents. Such processes and documents should be in place and accepted by all of the SSO participants BEFORE utilizing SSO technologies. My "sister company", Clareity Security, has added a number of important Single Sign-On (SSO) resources to its web site, especially for MLS operators, brokerages, and real estate software and settlement service providers implementing SSO. The most recent addition is a Single Sign-On Legal Compliance paper, prepared in consultation with noted attorney John H. Rees. Clareity Security is releasing this document to encourage real estate organizations implementing SSO to take the appropriate legal and business steps prior to implementation. Note that that document and the sample contract language are provided only as a resource, and are not intende...
Oracle Identity Management: Governance, Risk, and Compliance Architecture,
2008-05-21 06:05:00 Oracle Identity Management: Governance, Risk, and Compliance Architecture, Third Edition (Paperback) By Marlin B. Pohlman. Buy new: $69.95 $63.90. 12 used and new from $49.99. Customer Rating: First tagged “oracle” by Peter Stomenhoff “Practice Manager — Oracle Identity ...
Habubank Chooses World-Check to Enhance its Compliance Processes
2008-05-15 15:21:00 Habubank, the first commercial joint stock bank in Viet Nam, today announced that it will utilise World-Check's risk intelligence solutions to enhance its due diligence and Know Your Customer (KYC) compliance processes. World-Check is the leading global provider of intelligence on heightened risk individuals and...
The Planet Hosts Forum on IT Compliance and Risk Management
2008-05-14 00:07:00 The Techxans is the largest technology executives network in the state, with more than 13,000 members and chapters in Houston, Dallas, Austin and San Antonio
Freedom Contingent Upon Compliance Is Not Freedom!
2008-05-12 03:05:00 It is imperative to understand that this country is formed solely upon the Sovereignty of the People themselves and that in that Sovereignty, they have, out of both necessity and desire, come together to form communities of governments to act both on their behalf and upon their Consent. This Sovereignty finds its expression, and has done so, in the governments of the Several States, which in turn, have reflected their Will in the formation of a federation of States called the United States. The Several States, in the purest expression of the People's Sovereignty, have formed, established and delegated the government federal. The Rights of the People are embedded in the Rights of the States; you cannot have one without the other, nor can you have a delegation of authority and power without such Rights, both Reserved and Delegated. It is the Delegated Trust, from the People through the medium of their Respective States to the federal government, which pronounces and delineates the Sove...