Welding Machine Calibration to conform compliance with approved WPS
2008-11-11 15:27:00 Dear Friends, I would appreciate it if anyone can guide me in preparing a control sheet.
Facing Year-End Deadlines for PCI Compliance?
2008-10-29 01:00:00 As I was listening to the review of PCI DSS 1.2 at this year’s annual PCI Community Meeting (click here for a recap of the event), a QSA stepped up to one of the many microphones scattered throughout the audience. Rather than asking a question, he explained that many midsized merchants have reasonably large and complex environments, yet lack the internal resources required to evaluate, procure and implement the enterprise-class security controls needed for PCI DSS compliance. The QSA then asked the Council if they would recommend a specific set of actionable technology recommendations to help these organizations in their efforts...
The 5 'P's of Security and Compliance
2008-10-24 02:00:00 I have the good fortune to be able to talk to a lot of different customers about their security and compliance efforts, and in the process I learn a lot about what works and what doesn't. I also have the benefit of over 27 years’ experience in the IT industry, which means I've seen (and yes, made) pretty much every kind of mistake that can happen. But the one thing that always strikes me the hardest is that we keep making the most basic mistake over and over again, and, as you would expect, the results are inevitably the same. The mistake I'm referring to is ignoring the 5 'P's - Proper Planning Prevents Poor Performance...
PCI Compliance
2008-10-08 10:21:00 WebAsyst web servers successfully passed PCI Compliance certification by McAfee. This guarantees that all WebAsyst accounts (you.webasyst.net) are hosted on a secure server platform, where all your data and transactions are safe and protected from fraud. The PCI DSS, a set of comprehensive requirements for enhancing payment account data security, was developed by the PCI Security Standards Council, VISA, MasterCard, American Express, Discover and other financial institutions. More information about WebAsyst web servers security.
By: WebAsyst Blog
The Virtues and Dangers of Security and Compliance
2008-09-29 02:00:00 Last week I made a flying visit to NYC to appear on a panel at Interop with John Pironti of Getronics, Khalid Kark of Forrester, Jennifer Mack of the PCI Standards Council and Jim Routh of DTCC. The subject was "Security By Compliance - A Discussion of Information Risk Management's Greatest Challenge".
Breaking Down the Walls of Compliance Challenges
2008-09-16 02:00:00 Compliance, Compliance, Compliance. It’s the word that’s on everybody’s lips in the security industry these days. Companies of all shapes & sizes are spending big bucks to ensure compliance, but what are they trying to be compliant to? Regulatory issues, legal issues, internal policies & procedures or all of the above??? Unfortunately, trying to be compliant in any of these areas brings challenges but there are some ways to make it a little easier...
Southeast Asia: Perspectives on Compliance
2008-09-03 02:00:00 This past weekend, I left Southeast Asia after a week-long trip to Bangkok, Singapore and Manila. The week was spent in back-to-back meetings with customers and our local sales teams, and the majority of our discussions centered on PCI DSS and compliance in general. One clear takeaway: Compliance is one of THE growing areas of concern for businesses in the region. I found the degree to which customers in the region were concerned about compliance to be a bit of a surprise. I say 'surprise' because I often hear that compliance isn't as much of an issue outside of the U.S. From what we're seeing, though, the regulatory environment in non-U.S. geos, including Southeast Asia, is becoming more complicated...
PCI Compliance: Reaction to the Summary of Changes
2008-08-19 02:00:00 On August 18 the PCI Security Standards Council formally announced (http://www.pcisecuritystandards.org/pdfs/08-18-08_2.pdf) forthcoming changes to the Payment Card Industry's Data Security Standard (PCI DSS) as it moves from version 1.1 to version 1.2 in October 2008. The release represents the first major update since September 2006. What's my take on the summary of changes? Most merchants will be pleased to see that these are relatively minor changes...
Proactive Education: Remedying the 'Strain' of Compliance
2008-08-08 02:00:00 A recent survey confirmed that internal threats continue to grow and to represent a challenge to organizations' security postures. It revealed that, in scans of 100,000 PCs and servers in many industries: 12% of infected computers had a missing or disabled anti-virus program, 10.7% had unauthorized personal storage such as USB sticks or external hard drives, 9.1% had unauthorized peer-to-peer (P2P) applications installed, 8.5% had a missing 3rd party desktop agent, 2.6% had unprotected shared folders, 2.2% had unauthorized remote control software, and 2% had missing Microsoft service packs. These results continue to resonate with the conclusions of the CSI FBI survey that reported in 2007 that internal threats have now outpaced viruses in terms of risk to organizations...
PCI Compliance: Book 'Em!
2008-08-06 15:00:00 On August 5, 2008, federal law enforcement officials announced the indictment of 11 people charged with stealing and selling more than 41 million credit and debit card numbers from nine major US companies. "This is the single largest and most complex identity theft case ever charged in this country," said US Attorney General Michael Mukasey. According to officials, the defendants -- three from the United States, one from Estonia, three from Ukraine, two from China, one from Belarus, and one of unknown origin -- tapped into wireless networks and installed programs that captured card numbers, passwords and account information. The stolen data was then hidden around the globe and sold for profit. This event reflects a growing trend in cyber crime...
PCI Compliance? Let's Talk!
2008-07-31 19:35:00 During a meeting with an RSA customer earlier this week, I was asked a very detailed and pointed question about my interpretation of requirement 3.4. Specifically, the customer was using encryption to render PANs unreadable and wanted to know if their algorithm was indeed classified as "strong cryptography." Really, the customer was interested in making sure this particular encryption algorithm would pass their upcoming PCI audit. While I was happy to voice my opinion, I stressed the critical importance of open and honest communication when it comes to passing an audit and successful PCI compliance in general...
In Security & Compliance, it's all about the 'I'
2008-07-25 02:00:00 Most of us in the security trade work in a group or have a job description that contains (or in some cases, implies) the word 'information' - 'IT Security', 'Information Security', 'Office of the CIO', etc. This naming convention, while a seemingly trivial aspect of our jobs, should really be the primary driver for everything we do. Why? Because virtually everything we do has the ultimate goal of protecting some type of asset that is important to our organization, and that asset is almost always information. This basic truth can be most effectively illustrated by considering what drives the daily requirements of our work - compliance.
Addressing Cost Issues in the Ever-Changing World of Compliance
2008-07-25 02:00:00 We keep hearing from analysts that the cost of compliance should go down each year but unfortunately our customers are telling us the exact opposite. They are continuing to get slammed by new regulations and feel compelled to implement all types of point products & solutions in order to meet immediate needs.
More RSA Compliance Solutions Bloggers
2008-07-03 21:30:00 Please join us in welcoming two more RSA Bloggers. The RSA Compliance Solutions team (which already includes Dave Howell and Brad Davenport) has been joined by Andrew Maloney and John McDonald. Please take advantage of the comments field to get answers to your compliance-related security queries!
Compliance Lacks Control
2008-06-25 08:17:00 The ISA's Automation Standard Compliance Institute is rapidly expanding its resources to include wireless, security, plus ISA88 and ISA95 compliance. That sounds good, but the trouble is, vendor and end-user companies have been asked for huge annual fees ($50,000) to join, so what's to prevent a maj
New RSA Compliance Solutions Bloggers
2008-06-25 02:00:00 Please join us in welcoming a new set of RSA Bloggers. The RSA Compliance Solutions team--including Dave Howell and Brad Davenport--will be penning a set of blog entries for "Speaking of Security" around the theme of Simplified Compliance. Please take advantage of the comments field to get answers to your compliance-related security queries!
Defining "Compliance"
2008-06-25 02:00:00 As part of the RSA Compliance Solutions team I meet with companies all over the world to discuss their security challenges and priorities. Inevitably I spend much of my time discussing ... you guessed it ... compliance. It is eye-opening to see how differently our customers and partners, as well as folks within RSA, define compliance. From what I've seen, most will immediately gravitate towards the notion of meeting the stated or implied security requirements within governmental mandates, such as Sarbanes-Oxley and HIPAA. In addition, "compliance" certainly conjures up images of the PCI Data Security Standard, which isn't surprising considering how many organizations these requirements impact. What we don't tend to see initially is a broader view of compliance...
Security Compliance Management - Solution Accelerator Available
2008-06-07 15:16:00 I wrote about it as we released the Beta. Now, the Solution Accelerator for Security Compliance Management is live and available. It is definitely worth looking at: Security Compliance Management. Just to quote from the webpage: In today's IT environment, the ability to comply with regulations and industry standards, such as the Sarbanes Oxley Act, is a source of deep concern for many organizations. In addition, organizations need to manage risks resulting from emerging threats and changing conditions within their IT infrastructures. As a result, organizations need sound methods that they can count on to understand the state of the security settings in their IT infrastructures, assess the compliance of a security baseline, and demonstrate that compliance requirements have been met. To help organizations address these challenges, Microsoft has created the Security Compliance Management toolkit. The toolkit provides best practices from Microsoft about how to plan, deploy, and moni...
ESD Compliance
2008-06-06 17:14:00 To fully comply with ESD standards, is it necessary to have painted walkways with ESD paint in your stockroom? And is it also necessary to have the bins painted the same, considering that all product is in ESD packaging?
What does 'PCI Compliance' Really Mean?
2008-06-06 02:00:00 I've just returned from EMC's annual user conference, EMC World. The attendance at the PCI sessions and the related discussion between many of the 9,000 customers and partners in attendance really underscored the progress that's being made with respect to cardholder data security. One of the issues that came up in nearly every conversation I had, in some form or another, was: "What does PCI compliance really mean?" This question brings up two very important concepts...
PCI Compliance: Learning from the U.S. Air Force
2008-06-05 02:12:00 SC Magazine has an interesting piece on PCI compliance (section 6.6) and the author maps it against the US Air Force's response to web breaches. From SC Magazine: In the spring of 2005, someone broke into a web application for the Assignment Management System of the United States Air Force, and stole 33,000 records. As data breaches ...
Tax Compliance in the EU - A Thorny Issue for Captive Insurers
2008-06-04 08:29:00 The lack of a uniform EU Insurance Premium Tax code is a headache for captive insurers. Finding an efficient solution requires careful consideration.
Web Compliance? It is often simply unbelievable!
2008-05-31 16:56:00 I can’t believe just how many web designers claim that their web sites are compliant with the standards when they are demonstrably not! I’m talking in particular about the World Wide Web (W3C) consortium’s standards for HTML and XHTML. You’ve probably seen their compliance logos proudly displayed on web sites that claim to comply. The standards are exacting and very unforgiving on slips in the code. A particular page either complies or it does not, but this is nothing particularly challenging for a professional discipline that is used to such binary situations. The standards are important for all sorts of reasons, not least because there is a greater chance that more browsers will render the sites as intended, that search engines are more likely to index them properly and that people using less popular browsers because of their disabilities are more likely to be able to access them. There are standards in many different professions ...
Risk and Compliance Solutions Specialist selects DediPower to meet its co-l
2008-05-27 22:40:00 To protect and ensure secure, reliable access to its IT infrastructure
Safety Seminar Tackles Cal/OSHA Compliance on June 13 in Bakersfield
2008-05-25 00:00:00 As part of State Fund Compensation Insurance Fund's Employer Education Series a safety seminar addressing Cal/OSHA compliance will be held in Bakersfield. Open to the public, this event features presentations by State Fund Loss Control staff targeting ways to meet Cal/OSHA compliance.
Single Sign-On (SSO) Legal Compliance
2008-05-21 14:53:00 Some organizations have implemented Single Sign-On (SSO) without properly understanding the legal risks, providing the education to manage those risks, or putting in place the appropriate legal processes and documents. Such processes and documents should be in place and accepted by all of the SSO participants BEFORE utilizing SSO technologies. My "sister company", Clareity Security, has added a number of important Single Sign-On (SSO) resources to its web site, especially for MLS operators, brokerages, and real estate software and settlement service providers implementing SSO. The most recent addition is a Single Sign-On Legal Compliance paper, prepared in consultation with noted attorney John H. Rees. Clareity Security is releasing this document to encourage real estate organizations implementing SSO to take the appropriate legal and business steps prior to implementation. Note that that document and the sample contract language are provided only as a resource, and are not intende...
Oracle Identity Management: Governance, Risk, and Compliance Architecture,
2008-05-21 06:05:00 Oracle Identity Management: Governance, Risk, and Compliance Architecture, Third Edition (Paperback). By Marlin B. Pohlman. Buy new: $69.95 $63.90. 12 used and new from $49.99. Customer Rating: First tagged “oracle” by Peter Stomenhoff “Practice Manager — Oracle Identity ...
Habubank Chooses World-Check to Enhance its Compliance Processes
2008-05-15 15:21:00 Habubank, the first commercial joint stock bank in Viet Nam, today announced that it will utilise World-Check's risk intelligence solutions to enhance its due diligence and Know Your Customer (KYC) compliance processes. World-Check is the leading global provider of intelligence on heightened risk individuals and...
The Planet Hosts Forum on IT Compliance and Risk Management
2008-05-14 00:07:00 The Techxans is the largest technology executives network in the state, with more than 13,000 members and chapters in Houston, Dallas, Austin and San Antonio
Freedom Contingent Upon Compliance Is Not Freedom!
2008-05-12 03:05:00 It is imperative to understand that this country is formed solely upon the Sovereignty of the People themselves and that in that Sovereignty, they have, out of both necessity and desire, come together to form communities of governments to act both on their behalf and upon their Consent. This Sovereignty finds its expression, and has done so, in the governments of the Several States, which in turn, have reflected their Will in the formation of a federation of States called the United States. The Several States, in the purest expression of the People's Sovereignty, have formed, established and delegated the government federal. The Rights of the People are embedded in the Rights of the States; you cannot have one without the other, nor can you have a delegation of authority and power without such Rights, both Reserved and Delegated. It is the Delegated Trust, from the People through the medium of their Respective States to the federal government, which pronounces and delineates the Sove...
New NEC ShieldPRO Rugged Tablet Notebook
2008-05-09 02:14:00 NEC introduces a new tablet notebook in its ShieldPRO rugged line. The new NEC ShieldPRO features an Intel Core 2 Duo U7500 CPU at 1.0 GHz and a LED-backlit 12.1 inch LCD with 750 cd/m² brightness. Under a rugged notebook NEC understands IP55 compliance for dust and water resistance, surviving a 90 cm drop onto concrete, and withstanding temperatures ...
By: Gadgets Are Us
Compliance. Does it matter?
2008-05-06 15:00:00 I was reading a post yesterday that showed several social media sites without compliant code. It’s been thought that Google will penalize for poor site structure and non-compliant markup and CSS. But do they? It’s tough to say… but I did a bit of research and found that it may not make much difference to ...
By: OpenJason
IAB Launches Video Ad Compliance Seal
2008-05-05 22:25:00 In conjunction with finalizing its Digital Video In-Stream Ad Format Guidelines, the Interactive Advertising Bureau has unveiled a compliance program à la TRUSTe. The new guidelines were proposed a month ago, and nothing in those original guidelines has changed following a comment period. According to the IAB press release, “The IAB suggests that compliant member sites ...
TDSAT appoints commissioner to inspect compliance of its order
2008-04-30 06:09:00 Broadcast tribunal TDSAT on Tuesday appointed a local commissioner to inspect compliance of its order directing three Mumbai-based channel distributors to restore signals of Indusind Media and Communications Ltd. The move follows TDSAT's directions over a contempt application moved by the Multi System Operator (MSO) Indusind Media against its former distributors. In its contempt application, Indusind Media has contended that despite the order of the Telecom Disputes Settlement and Appellate Tribunal (TDSAT) on April 24 its signals had not been restored to the local cable operators and area cable operators. However, the distributors - In Cable Communication, Sai Ganesh Enterprise and Satekrishmani Network - objected to Indusind Media's contention by saying that as per the tribunal's order they had already restored Indusind's feed. To verify the contradictory claims by both sides, Justice Mr Arun Kumar, Chairman of TDSAT, appointed Mr Meet Malhotra as the local commissioner a...
Farmers fined for cross compliance breaches
2008-04-28 18:00:00 Failure to properly identify and register their cattle and sheep was the most common problem farmers faced in 2007 in meeting the EU's cross compliance standards.
By: FWi - All News
NCC’s ICT compliance initiative
2008-04-25 08:54:00 South East Bureau Chief, Jude Ossai, writes on the efforts of the Nigeria Communications Commission (NCC) to make Nigerians compliant with Information and Communications Technology (ICT). There is no gainsaying the fact that enhancement of Information and Communications Technology (ICT) capacity of most Nigerians is a challenge confronting the nation’s communications sector. The reality is that many Nigerians, including the lettered ones, are still far from being computer literate. However, the Executive Vice Chairman of the Nigerian Communications Commission (NCC), Chief Ernest Ndukwe, has achieved feats through his telecommunication revolution specifically between February 2000 and December 2007 when the nation’s subscriber base grew from 0.4 million to 42 million. The dominance of ICT-induced activities in the international community, which has become a global trend, will render every educated person and professional who is not ICT compliant illiterate. Ndukwe had no better f...
Lowongan SENIOR SUPERVISOR – MINE ENVIRONMENTAL COMPLIANCE Newmont Nusa T
2008-04-20 04:00:00 PT Newmont Nusa Tenggara (PTNNT) operates the Batu Hijau copper/gold mine in West Sumbawa, West Nusa Tenggara Province (NTB). PTNNT is committed to becoming a leader in safety, environmental stewardship and social responsibility. The Company is inviting skilled, trained, highly committed and dedicated Indonesian workers and professionals to be a part of our team for the positions: ...
By: Lowongan Kerja
Regulatory Compliance & The Real Risk of Undetected Malware: Part 2
2008-04-18 19:33:00 I am working on a white paper that covers the disconnect between formal audit process and the technical safeguards implemented to ensure internal controls are adequate. As you may have read in part 1 of this article series, where I talked about the missing element, this is a continuation delving deeper into the problem. Thoughts? Comments? “In the wake ...
Creating a Culture of Compliance
2008-04-18 00:01:00 Governance relies on culture, and establishing an appropriate culture is one of the most important jobs for a board. Checking that the culture the board wanted is the culture they actually have is also important. The board will get some idea of the culture within the organisation by observing the behaviours of the CEO and ...
By: Audit Trail
Proven Strategies for Improving Your Legal Compliance Scorecard?
2008-04-18 00:00:00 At a recent Two Step webinar, Craig Newfield, Vice President and General Counsel of Gomez, Inc., and Mark Martines, Executive Vice President and General Counsel of Jenzabar, Inc., presented an excellent framework for improving and assessing legal compliance at venture-backed,...
Moving Towards PCI Compliance with cPanel
2008-04-14 11:31:00 Those of you who are server admins or use certain merchant services know what I’m talking about — it’s that dreaded security scan that picks apart your server to tell you everything that it thinks is wrong, assuming you have the knowledge or access to fix it: yes, the PCI scan. PCI compliancy ...
Talking Compliance
2008-04-13 06:00:00 The latest edition of the TTM Consulting Healthcare Newsletter, Serious About Compliance, is now available. Of course it’s always a big deal when hospitals start talking about compliance, but unfortunately some healthcare entities obviously aren’t treating it as serious business, and that’s getting a lot of healthcare folks in trouble. The government, of course, loves ...
By: Mitch's Blog
Government Risk and Compliance - No, It's Not a Typo
2008-04-09 17:51:00 Of course we usually use this space to address GRC issues — that is, Governance, Risk and Compliance. But today the news is all-too full of government risk and compliance issues. First-up, news that internal auditors reviewing the finances of the District of Columbia are calling the CFO’s office a “material weakness” that ...
By: Audit Trail
Security Compliance Management - Beta Available
2008-04-04 08:36:00 Compliance is the theme of the day at the moment. We often even see the Security Officers starting to report to the head of compliance. So, if you are interested in this, we just launched the Security Compliance Management Beta for you to download. I quote from the website: The Security Compliance Management toolkit consists of 12 desired configuration management (DCM) Configuration Packs that you can use with Microsoft System Center Configuration Manager 2007. You can use the Configuration Packs to scan the computers in your environment to determine their level of compliance with baselines prescribed in security guides from Microsoft for Windows® XP SP2, Windows Vista®, and Windows Server® 2003 SP2. Customers can then use the DCM feature in Configuration Manager 2007 to produce reports that IT professionals can use to remediate security baseline settings and provide proof of compliance to a known baseline. Customers also can customize all of the prescribed security baselines and Con...
Microtune raises compliance issues with U.S. on DTV set tops
2008-03-31 13:25:00 Microtune shares test data on non-compliant CECBs with NTIA. Microtune sent a letter on March 25th to the National Telecommunications and Information Administration (NTIA) identifying a matter of critical importance to the U.S. government and to American consumers in the successful implementation of the U.S. digital television transition. Through internal testing in its Advanced Television Systems Committee (ATSC) lab, Microtune has discovered tuner-related performance failures in certain certified coupon-eligible converter boxes (CECBs) that do not contain Microtune tuners (See Backgrounder below). These converter boxes are widely available in retail channels. Their failure to meet NTIA regulatory performance requirements could potentially result in the loss of digital TV reception in a number of major metropolitan areas, potentially impacting the millions of Americans who will rely on these converter boxes to receive free over-the-air TV broadcasts. Microtune has made its test res...
Supermarket Breach Calls PCI Compliance Into Question
2008-03-22 05:00:00 Hannaford Bros. exposed millions of credit and debit card numbers. http://www.informationweek.com/security/showArticle.jhtml?articleID=206904986&cid=RSSfeed_TechWeb
Regulatory Compliance & the Real Risk of Undetected Malware
2008-03-20 03:41:00 With the emergence of regulatory laws borne out of experience from a variety of embarrassing security breaches, today's corporate leaders face a myriad of repercussions. These range from serious fines to jail time when found not in compliance with regulations such as Sarbanes-Oxley (SOX), Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley (GLB), and Payment ...
PCI Compliance – Is it a deterrent to security?
2008-03-17 14:11:00 The Security and Compliance Connection Blog – PCI has been held up by many as a benchmark for most organizations to follow for improving their infrastructure controls. Yet, in a recent article on eWeek, Evan Shuman actually challenged that notion by questioning whether PCI might actually be ...
Carrots for compliance?
2008-03-12 21:30:00 Lots of interesting things to read today, ladies and gentlemen. First up, word from Financial Week that Senator Elizabeth Dole is proposing to make SOX provisions 302 and 404 voluntary for banks, arguing that the regulations are overly burdensome. Speaking of banks, more news today from French Bank Societe Generale — word that ...
By: Audit Trail
Compliance Mandate without Executive Buy-in is like a Bird without Wings
2008-03-11 19:03:00 We at Approva just wrapped up our first-ever user group meeting for our Houston-Dallas customers, and I'm pleased to report that it was, by all accounts, both informative and useful for our customers. We gathered at the Houston headquarters of Reliant Energy and kicked things off with a discussion of experiences, lessons learned, challenges ...
By: Audit Trail