DOJ Weighs In at Compliance Week

June 03, 2010 Added by:Thomas Fox

Assistant Attorney General for the Criminal Division of the U.S. Department of Justice (DOJ), Lanny Breuer, gave the final day’s keynote speech at the Compliance Week 2010 Conference.


Compliance or Security?

May 25, 2010 Added by:Mark Gardner

In recent days I have read a few comments like "that's compliance, not security." This has puzzled me. When did the two become divorced? In the interests of full disclosure and for those who have not read anything I have written before, I am an Information Security Auditor, specialising in ISO27001, but I also Audit against other Standards and company policies.


Dealing with ISO 27001 & BS 25999-2 Internal Audits

May 20, 2010 Added by:Dejan Kosutic

If this is the first time you have come across the notion of internal auditor, you are probably puzzled – Why would I need another control? Who is going to pay for it? Who should I employ to do it? It is such a waste of time…


Cybersecurity Act of 2010 is Bad Medicine

May 15, 2010 Added by:Richard Stiennon

There are a bunch of cybersecurity bills trickling through Congress right now; some of them several years in the making. Senator Rockefeller’s Cybersecurity Act of 2010 (S.773) is deemed the most likely to get voted on by the Senate as it was just unanimously passed through the Senate Committee that he chairs, Commerce, Science and Transportation.


What About Web Smuggling?

May 13, 2010 Added by:Dario Forte

After Viagra, guns and fake medicines, now we can purchase contraband cigarettes online. But the police are always on the alert. Here we discuss a recent Italian case. The Italian Guardia di Finanza (Finance Police) recently completed a longstanding investigation of a criminal organization specialized in Internet sales of tobacco products processed outside of Italy.


ISAlliance on Finance Sector Cybersecurity

May 11, 2010 Added by:Marjorie Morgan

The lack of software quality or assurance in the products we use within our tech infrastructure. There are simply too many vulnerabilities out there to exploit; this is the underlying heart to most of the problems we face. It allows hackers, criminals or nation states to attack the confidentiality of our information or even the integrity of our information.


Marching toward a Global Security Standard

April 19, 2010 Added by:Aaron Simmons

The list of Security regulations is growing and we are headed towards a Global Security Standard.  Where do you see Security standards moving towards?  Is ISO the right environment to wrap all security standards in a nice pretty package?  Do we create additional functions within the scope of ISO 27000 to include the necessary items for the above regulations? 


1.5 Million Americans Have Been Victims of Medical Identity Theft

April 17, 2010 Added by:Robert Siciliano

According to a recent Ponemon Institute study, nearly 1.5 million Americans have been victims of medical identity theft with an estimated total cost of $28.6 billion–or approximately $20,000 per victim. [1] Further evidence of the significance of the medical fraud problem is the allocation of $1.7 billion for fraud detection in the 2011 U.S. Health and Human Services Department budge...


A PCI DSS Overview

April 16, 2010 Added by:Mike Meikle

As a consultant, you get to view the grim expanse of industry regulation more than most.  Sarbanes-Oxley (SOX), Health Insurance Portability and Accountability Act (HIPAA), Federal Information Security Management Act (FISMA) and of course the topic of this article, Payment Card Industry Data Security Standard (PCI DSS).


New Regulations Will Not Prepare the US for Cyberwar

April 08, 2010 Added by:Richard Stiennon

Senators Rockefeller and Snowe have formulated a new Cybersecurity bill that they describe in today’s Wall Street Journal.  (Use Google news to get to the full article.)  The Bill as proposed will be very disruptive to the operations of every business and will do essentially nothing to prepare the US for cyberwar.


Security Consciousness Raising

February 06, 2010 Added by:Bill Wildprett, CISSP, CISA

I’ve been thinking about Security Awareness and different ways of teaching it as a mindset.  We infosec folks think about it all the time, cultivating it as part of our general focus on situational awareness; the general public, corporate and government leaders, SMBs – not as much, perhaps.


The Fully Auditable Cloud - Fact or Fiction

October 12, 2009 Added by:Bob Broda

Cloud computing is a rapidly growing phenomenon that is being evaluated by companies of all sizes. Though it has many positives, much of corporate America is not yet ready to accept migrating major applications to the cloud until concerns about security, privacy, and reliability are addressed.
