Compliance news, information, and how-to advice

3 ways to reduce BYOD legal liability with the right conversation

As "bring your own device" (BYOD) reshapes the way organizations handle technology, how do we handle the uncertainty of legal liability and security concerns? The key to turning a potential liability into an opportunity lies in having

Security should no longer be 'cementing' the status quo

If your security program is struggling, don't stick with it simply because it's the way things have always been done. Sometimes, adaptation and change can be for the better

Windows XP can put SOX, HIPAA, credit card security-compliance at risk

When Microsoft stops supporting Windows XP next month, businesses that have to comply with payment card industry (PCI) data security standards as well as health care and financial standards may find themselves out of compliance unless...

CDW Integrates with Google Apps for Cloud Collaboration

Through a partnership with Google and Esna Technologies, CDW has rolled out native access to the CDW Cloud Collaboration suite within Google Apps.

4 Lessons CIOs Can Learn From the Target Breach

Retail giant Target made headlines after announcing that 110 million Americans were affected by a massive data breach at its stores. If you want to avoid the same fate, pay attention to these four lessons learned in the wake of the...

IBM calls for surveillance reforms, says they've given the NSA nothing

In a public letter, IBM's general counsel and senior VP of legal and regulatory affairs, Robert Weber, says that his company hasn't given the NSA any data under the PRISM program, while calling for surveillance reform.

Avoid 85 percent of cyber attacks with free tool from Qualys

The Pareto Principle—often referred to simply as the 80/20 rule—can be applied successfully to a vast number of things. The basic idea is that 20 percent of the effort yields 80 percent of the results.

Who should be responsible for financial fraud?

Improvements in payment protections are shifting the liability for fraud to the least-secure party

Predictive Defense and Real-Time Insight: The Next Step in Advanced Threat Protection

Download this complimentary report, featuring the Gartner Research "Designing an Adaptive Security Architecture for Protection From Advanced Attacks", and learn why organizations can't rely solely on traditional blocking

Experts question security used in Target breach

Security experts determining whether third-party vendor had too much access to Target's point of sale systems

If Target got breached because of third party access, what does that mean for you?

The real opportunity for security professionals is to side-step speculation and use the coverage to spark productive conversations. The kinds of discussions that help others understand your value and set the stage for necessary...

Shift to EMV cards expected to increase online fraud

Change to chip-and-PIN cards may reduce in-store fraud, but increase problems online, say experts

Does chip-and-PIN actually solve the problem? Find out by asking these questions

Defining any problem in terms of the solution is a dangerous, if not common, shortcut. We need to ask some hard questions and have a serious discussion about chip-and-PIN before presenting it as the solution or we risk the credibility

Healthcare Information Management: A New Urgency

With the challenges of an evolving regulatory environment and the information overload problem with management practices, many organizations have now reached an inflection point.

PCI Council says government should stay out of payment card standards

Standards body says government should continue to let private sector dictate rules for protecting card data

Survey says more attention being paid to data privacy, but still a ways to go

PwC released results of 2013 data privacy survey late last year, which pointed to increased communication, but also continuing struggles to meet compliance and regulation requirements

CSO 2.0: How to take your security program to the next level

Security is all about the big picture now. Here are some pointers from George Viegas on how the "CSO 2.0" can take a more effective approach to security in 2014 and the future

Thoughts on the Target breach and why the incident might not matter

Bob Bragdon, fellow CSO blogger, and the magazine's founding publisher, recently posted some thoughts on the Target incident. It got me to thinking, and recalling conversations I had this past weekend. From his blog:

Social Media and Compliance: Overview for Regulated Organizations

The growing use of social media in business today is undeniable. Social media is fast, ubiquitous, and in many cases produces measurable ROI to a business; however, it also poses significant risks that can become public and

PCI DSS 3.0 is an evolution, not a revolution

The updated standard won't stop major breaches, experts say, but it improves the odds for the good guys

Major attacks on retailers cast spotlight on higher-security cards

Attacks on Target, Neiman Marcus, and other major retailers may lead to adoption of "chip-and-PIN" cards

Will Snowden's whistleblowing really change the way business is done?

Love him or hate him, Edward Snowden has changed the world. Time will be the only determining factor of whether that change was for good or for ill. However, will the revelations from the leaked NSA documents, and the public's perception...

7 ways to work around security compliance problems

Security and privacy regulations strive to ensure organizations are adhering to necessary standards. But they can also cause a lot of headaches — and sometimes even weaken your security efforts. Here are seven ways to...
