
Posts Tagged ‘compliance’

Enterprise Compliance Costs Hit $3.5 Million, Study Finds

A survey of multinational corporations found those companies that performed internal audits spent less per capita on compliance than those that didn’t perform any. – The penalties for being out-of-step with compliance mandates are not going away, and neither is the cost of keeping up with regulations.
However, a new report from the Ponemon Institute revealed that more compliance audits can actually have the effect of lowering the price tag.
According to the …


Health, Safety & Environment (HSE) Incident Reporting Software Posted By : CMO COMPLIANCE: Audit, Risk & Compliance Software

Health & Safety Incident Reporting Software

CMO COMPLIANCE is one of the world's leading Health, Safety & Environment Incident Reporting management software solutions.

Global Leaders such as Barrick Gold and Dolphin benefit from the CMO COMPLIANCE Solution to manage HSE processes and drive continual operational performance whilst reducing risks & costs.

Cisco Targets Wireless Security to Step Beyond PCI Compliance

Cisco is talking wireless security with new announcements the company says are meant to go beyond PCI DSS requirements. – Cisco is looking to bolster wireless security with an eye toward going above and beyond compliance with Payment Card Industry (PCI) requirements. Part of that starts with the addition of new PCI compliance reporting capabilities for the Cisco Wireless Control (WCS). On top of its previous PCI …


PCI Compliance Thoughts for the New Year

With the new year around the corner, it’s not too early for businesses to begin lining their compliance initiatives up with the new PCI 2.0 rules. – The onset of the new year will bring with it new compliance regulations. The updated version of the Payment Card Industry Data Security Standard (PCI DSS) will go into effect Jan. 1. Though companies technically have until 2012 to implement any changes validation against the previous version of …


Evolving Standards for Security and Compliance

In almost every category of business, companies are required to ensure network security and comply with government and industry regulations around access control and data retention. These requirements are handed down by federal and state governments, and many industry standards groups have their own sets of rules. In many cases, companies are compelled to follow several standards at once. These standards aren't set in stone, though. They evolve every year, with new requirements and recommendations added to the mix. Just this year, HIPAA and PCI-DSS were expanded to include new regulations.

Evolving standards make compliance efforts difficult for companies that don't have comprehensive and flexible security tools in place. This video discusses what features to look for in establishing and maintaining your company's compliance solution.
– Video Content.


A Desktop GPS for Better Compliance and Efficiency

Investments in new processes and applications meant to provide competitive edge often disappoint because users fail to fully utilize complex systems. More companies are turning to Business Process Guidance Systems (BPG) — a new category of real-time desktop software that proponents say improves productivity, responsiveness, cost-effectiveness, and compliance speed for critical enterprise functions like customer service, ERP, CRM and more. In this interview, Joe Maglitta, VP and Editorial Director for Ziff Davis Enterprises, chats with David Frankel, CEO of Panviva, a leading global BPG player, on smarter paths to profit and compliance. The secret: Automatically keeping users oriented and informed no matter where they are in the process.
– Video Content.


Compliance Mandates Tie up Security Pros, eEye Reports

In a report on vulnerability management trends, eEye discovered that for many IT staffers regulatory compliance initiatives can take up as much as half their work week. – Compliance mandates are eating up as much as half of the work week for many security pros, according to a survey from eEye Digital Security.
In its “2011 Vulnerability Management Trends Report”, eEye surveyed 1,963 IT security pros. More than 85 percent of respondents have compliance mandates such …

How to Parlay Compliance and Audit Investments for Improved Risk Management

There is a chronic shortage of man power, money and system bandwidth to deal with the ever increasing number and complexity of IT security threats. What’s more, compliance and audit requirements deplete resources that could otherwise be used for fundamental security problems. Here, Knowledge Center contributor Mitch Christensen explains how existing staff and systems can be leveraged to satisfy compliance and audit requirements, with a look at increasing operational efficiency to improve overall business risk management. – In the current environment of limited IT staff and budget, efficiency is everything. Nowhere is this more applicable than for IT security teams. There simply aren’t enough staff and systems to meet the ever increasing challenges and requirements posed by compliance regulations, internal audits and b…


PCI Compliance Changes Promote Log Management

The PCI Security Standards Council has updated the PCI DSS and PCI PA-DSS with a number of clarifications meant to help businesses improve compliance and security. – The PCI Security Standards Council officially unveiled updated versions of compliance regulations Oct. 28 with minor changes meant to clarify the requirements organizations face. The revisions to the PCI DSS (Payment Card Industry Data Security Standard) and the PCI PA-DSS (Payment Card Industry …


QualysGuard Web Service for PCI Compliance Scans

If your organization handles customer financial and personal information, you need to regularly scan your servers and outward-facing applications to ensure that this data is protected from hackers. The Payment Card Industry Data Security Standard (PCI DSS) guides IT organizations, but staying in compliance with these guidelines is a huge undertaking. However, QualysGuard PCI Compliance puts the right tools at your fingertips. There is nothing to download, and getting started takes a matter of minutes, once you set up your account. Everything is handled with a Web browser-based control panel that is easy to navigate and operate. The service asks for the IP addresses of your servers that are facing the public Internet that it can then scan for potential vulnerabilities. It includes a wizard that walks you through this discovery process to ensure that you have included all of your necessary servers that handle financial and personal data and that network infrastructure is configured correctly. – …


QualysGuard Offers Web Service for PCI Compliance Scans

If your organization handles customer financial and personal information, you know you need to regularly scan your servers and outward-facing applications to ensure this data is protected from hackers. – If your organization handles customer financial and personal information, you know you need to regularly scan your servers and outward-facing applications to ensure this data is protected from hackers. The Payment Card Industry Data Security Standard (PCI-DSS) has been created to guide IT organ…


How to Engage Business Managers in Identity Management Compliance and Security Processes

Today’s complex IT infrastructures have made identity management a business issue that engages not only IT in identity management compliance and security processes but business managers as well. Here, Knowledge Center contributor Mark McClain shares three best practices that IT should follow to ensure that business managers are active and effective participants in identity management compliance and security processes. – Global corporations have recently begun to recognize that identity management is very much a business process that underpins compliance and security efforts. Identity management has always been an extension of core business processes, ensuring that users have the access they need to do their jobs. W…


Managed File Transfer Plays Major Role in IT Security, Compliance: Study

Managed file transfer, or MFT, is a subject that needs attention, especially when it comes to issues such as enterprise security and compliance. What is MFT? Simply, MFT uses different types of applications to securely transfer data from one computer to another. This small but important area of IT management has recently garnered some attention after IBM bought Sterling Commerce for more than $1 billion and MFT specialist Ipswitch merged with Message Way. Recently, eWEEK published a strategy paper on the role of MFT in enterprise security and compliance. The information is based on a survey that Ziff Davis Enterprise, eWEEK’s parent company, conducted with IT managers about how they use MFT. The survey looked at what issues IT managers consider when building out security- or compliance-related systems, and what types of issues MFT helped solve. Here, eWEEK presents the most interesting and salient findings of the paper, titled "Managed File Transfer: The Unsung Security and Compliance Solution." – …


IBM’s OpenPages Acquisition Adds Risk Management to Business Analytics

IBM has agreed to acquire OpenPages, which designs risk-management and compliance software, as part of its attempts to build out its business analytics portfolio. – IBM has agreed to acquire OpenPages, a company whose products identify and administer risk and compliance activities via a single management system. The acquisition will increase IBM's business analytics portfolio, allowing it to support compliance and risk-management processes. Financial terms o…


How to Simplify Your Governance, Risk Management and Compliance Process

To comply with various standards and regulations, companies have traditionally adopted governance, risk management and compliance technologies in a commonly accepted maturity model. But here, Knowledge Center contributor Pravin Kothari challenges that traditional governance, risk management and compliance adoption maturity cycle and proposes a new model for governance, risk management and compliance technology adoption. – Governance, risk management and compliance (GRC) is a very broad discipline consisting of policies, compliance, enterprise risk, operational risk, governance and incidents. There is no such thing as a standard maturity model in terms of which specific function to start with and how to proceed after …


LogRhythm Balances Power, Simplicity

LogRhythm does a good job of putting needed information in one’s hands accurately and quickly; it supplies alerts for predefined events and data for compliance reporting. – Any serious IT compliance regime has to include processes for analyzing and interpreting the extensive, detail-packed log files produced by applications, servers and network equipment. This only sounds easy when you’re not the one who has to go through these records on a regular basis; it’s expo…


Device Hardening, Vulnerability Scanning and Threat Mitigation for Compliance and Security Posted By : Mark Kedgley

All security standards and Corporate Governance Compliance Policies such as PCI DSS, GCSx CoCo, SOX (Sarbanes Oxley), NERC CIP, HIPAA, HITECH, GLBA, ISO27000 and FISMA require devices such as PCs, Windows Servers, Unix Servers, and network devices such as firewalls, Intrusion Protection Systems (IPS) and routers to be secure in order to protect confidential data.

RSA Comes Up with New Security, Compliance Package for Cloud Providers

RSA Solution for Cloud Security and Compliance is aimed at managing security, risk and regulatory compliance of cloud infrastructures–multitenant or otherwise. – On Day One of VMworld 2010, EMC’s RSA security arm on Aug. 30 introduced a new integrated security and compliance package designed expressly for multitenant cloud computing.

RSA Solution for Cloud Security and Compliance is aimed at managing security, risk and regulatory compliance of cloud


IBM Applies the BigFix to Security and Compliance

Displaying the fruits of its recent BigFix acquisition, IBM has announced new software to deliver greater security and compliance to thousands of laptops, PCs and servers globally. – Displaying the fruits of its recent BigFix acquisition, IBM has announced new software to deliver greater security and compliance to thousands of laptops, PCs and servers globally — automating some of the most time-intensive IT tasks.
IBM closed its BigFix acquisition in July 2010. BigFix softwa…


Linux Foundation Launches Open Compliance Program

The Linux Foundation announces the launch of its Open Compliance Program, which includes tools, training and a standard format for reporting software licensing information. – The Linux Foundation on Aug. 10 announced the launch of the Open Compliance Program, which it described as "a comprehensive initiative that includes tools, training, a standard format [in which] to report software licensing information, consulting and a self-assessment checklist that will h…