Category Archives: Governance, Risk and Compliance
Privacy Advocates Vs. Legislators: House To Revisit CISPA This Week
Call it ‘cybersecurity’ week in our nation’s capital, as Internet privacy advocates clash with legislators on the best way to enact quality cybersecurity legislation. The House Intelligence Committee plans to revisit the polarizing Cyber Intelligence Sharing and Protection Act (CISPA) this week, scheduling a “mark up” session today to revamp some of the bill’s amendments. This could eventually lead to a …
IBM: Web Application Vulnerabilities Threaten The Enterprise
Web application vulnerabilities remained one of enterprises’ most pressing issues, rising 14% in 2012 over 2011 end-of-year numbers, according to a recent report. These vulnerabilities were exploited by attackers who, more often than not, injected malicious scripts and executables onto legitimate websites, targeting client-side vulnerabilities in the browser core and in plugins such as those in Internet …
Posted in Application Security, Governance, Risk and Compliance, Mobile Security, Network Security, Security Management, Security Threats, Uncategorized
Tagged DDoS, DDoS Attacks, IBM X-Force 2012 Annual Trend and Risk Report, malware, security information and event management (SIEM), spam
Survey: The Trouble With SIEM
Security Information and Event Management (SIEM) was supposed to make life easier for IT professionals, analyzing the torrent of incoming security data from the network perimeter to provide real-time analysis on security threats. Instead, it seems to have become a bit of an albatross for security pros who have to wrestle with increased complexity and management, according to a survey …
Business Leaders Seek More Intelligent, More Effective Cybersecurity Protection
With the specter of both over-reaching cybersecurity legislation and a Presidential executive order that would expand the authority of federal agencies looming, business leaders have proposed a strategy that would vastly increase the level of threat information sharing between the public and private sectors with the hope that the conciliatory approach will be enough to preclude government actions that would …
Individual Assessments Required with Criminal Background Checks Part 2
Last time, we chatted about the EEOC and its newer guidelines when it comes to screening potential new employees through the criminal background check process. This time, we will discuss what a company can do to help itself be compliant with the EEOC guidelines. There are 3 things that a company can do to ensure that it follows the EEOC …
Posted in Governance, Risk and Compliance
Tagged Compliance, EEOC, employees, Enterprise Security
Governance, Risk, and Compliance in an Age of Uncertainty
Having complete visibility, transparency, and control over the entire IT landscape is next to impossible these days, and CISOs everywhere are finding themselves increasingly under pressure to operate effectively in this age of uncertainty. We are doing business in a complex world where big data, hyper-connectivity, and mobility reign supreme. Threats span the gamut from malware to data theft, employee …
Posted in Governance, Risk and Compliance
Tagged CISO, Compliance, Governance, Legislation, risk management
HIPAA Privacy, Security, Enforcement, and Breach Notification Rules
The “Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules” Notice of Proposed Rulemaking (NPRM) was initially published in July 2010. The Office of Management and Budget (OMB) received the much-delayed Department of Health and Human Services (HHS) Office for Civil Rights (OCR) Final Rules that had been bundled together in what was called the “Omnibus Final Rulemaking”. One …
Posted in Governance, Risk and Compliance
Tagged Compliance, HIPAA, HITECH Act, security awareness training
Cyber Monday Spurs Online Cybercrime Smackdown
Whoever coined the phrase “crime doesn’t pay” obviously had not foreseen the advent of the Internet, as the sale of counterfeit merchandise online has evolved into a very lucrative venture for cybercriminals. In the third year of a concerted effort to crack down on the illicit sales, a coalition of law enforcement agencies from the U.S. and Europe has announced …
PCI Risk Assessment Guidelines are No Silver Bullet
Need a leg up on establishing a good risk assessment methodology to comply with the PCI DSS section 12.1.2 regulations? You’re in luck, sort of. The Payment Card Industry Security Standards Council (PCI SSC) has released guidelines for all organizations that store, process, or transmit cardholder data to help in the design and implementation of risk assessments that are specific …
Posted in Governance, Risk and Compliance
Tagged Compliance, Guidelines, PCI DSS, risk assessment
When it Comes to Controls and Compliance, Fix Once and Comply with Many
Fix once and comply with many! This is the holy grail of both controls and compliance for organizations that need to comply with multiple regulations and standards. For example, a large enterprise might have to ensure that it is fully in compliance with SOX, HIPAA, COBIT, PCI and ISO 27001. Determining and implementing the proper controls and validating compliance for all …
