compliance Blogs

  • Getting started with ISO 27001

    Posted July 8, 2012 - 6:44 pm

    The first step is justifying the first step. Why are you willing to go through an arduous certification process? How will it help your company? The next is getting a whole lot closer to exactly what that means.
  • What is access governance?

    Posted April 15, 2012 - 6:04 pm

    Access governance is more than just the coolest concept since virtualization and cloud computing. It's likely to change the way you manage accounts on your servers. Designed to add clarity and control to questions like "Who has access to the recipe for our secret sauce?", it may be the answer to some of your biggest problems.
  • Competition crowns nation's funniest compliance officer

    Posted June 15, 2011 - 11:53 am

    Recruiter Howard-Sloan crowned a pharma exec the nation's funniest compliance officer after a competition pitting the standup of six of the most hilarious stewards of corporate governance against one another.
  • Sony managers could have stopped security disasters by talking to each other

    Posted May 26, 2011 - 1:54 pm

    Governance, risk assessment and compliance are boring; they're also the processes that let companies deal with the fall of one domino before it brings the whole chain down.
  • Group texting may be IT's next headache

    Posted March 15, 2011 - 5:55 pm

    Group texting is free, easy and familiar; users will looove it, often avoiding systems built to comply with rules that specifically require text-tracking.
  • $1 million object lesson in compliance and data protection

    Posted February 25, 2011 - 11:28 am

    Even companies with good programs and good records on compliance can get hit with high fines and costs for errors IT can't prevent.
  • The key to keeping e-discovery cheap

    Posted January 11, 2011 - 7:10 pm

    When they go to court, most companies dump every bit of data they can collect on lawyers, who get paid a lot more than a DBA to filter through it.
  • The 5-step compliance shuffle

    Posted January 7, 2011 - 7:10 am

    If faced with an auditor, or even worse, a court room, you will have to show due diligence and due care. Here are the 5 things you need to know and do (repeatedly) to maintain compliance.
  • IBM scoops up information governance vendor PSS Systems

    Posted October 13, 2010 - 4:16 pm

    IBM on Wednesday announced it has acquired PSS Systems, a privately held company whose software is designed to help large organizations manage electronic documents required to meet legal obligations. Financial terms of the deal were not disclosed. PSS Systems was founded in 2004 and is based in Mountain View, Calif.
  • Global CISOs Want Compliance to be Easier

    Posted October 12, 2010 - 5:33 pm

    Global businesses face tighter enforcement and more specific regulations, which are driving up costs and eroding security. A statement from one group demands changes, from governments that didn't listen to them the first time around.
  • Black Duck Buys One-Stop Dev Portal Coming

    Posted October 5, 2010 - 8:36 am

    Geeknet sold off to Black Duck Software today, raising the promise of a new centralized FOSS developer portal site coming soon.
  • Red Hat v. Oracle: Which is More Standards Compliant?

    Posted September 28, 2010 - 9:09 am

    While the community discussion ramps up for licensing compliance, how are these dueling enterprise Linux players faring with LSB compliance?
  • IBM bolsters business analytics unit with purchase of OpenPages

    Posted September 15, 2010 - 11:27 am

    Aiming to expand its business analytics capabilities to support compliance and risk management processes, IBM today announced it is purchasing Waltham, MA-based software vendor OpenPages. Terms of the deal for the privately held company were not disclosed. Naturally, the acquisition is contingent upon regulatory approval.
  • Why Microsoft is Being Nicer to Open Source

    Posted August 30, 2010 - 12:34 pm

    Companies and independent developers have been using open source for years now, with little regard to the old FUD that said "if you use this software, little Stallman-like demons will eat your soul!" But the growth of open source has led to some interesting scaling problems, and the reason why Microsoft no longer openly uses such FUD.
  • PCI DSS: 4 things to expect in the new version

    Posted July 14, 2010 - 7:42 am

    Every two years the PCI Security Standards Council (PCI SSC) issues a new version of the Payment Card Industry Data Security Standard (PCI DSS) as part of the lifecycle and feedback review process from a wide range of organizations. While no major changes are expected in the upcoming release, here's a rundown of the clarifications you'll see and what they mean to you.
  • Make your security investments do double duty

    Posted November 16, 2009 - 2:33 pm

    Yes, you can get additional ROI from security, business continuity, disaster recovery and compliance investments. Here are three ways to wring more value out of "uneventful" operations.
  • PCI DSS and storage of credit card data

    Posted June 23, 2009 - 5:06 pm

    The PCI (Payment Card Industry) Data Security Standard is all-encompassing, setting a standard for security and protective measures for merchants who store credit card information. Created by the credit card industry, the standard sets forth a set of core standards. From a security perspective, the standards are basic best practices.
  • Compliance, backup, and recovery

    Posted May 15, 2009 - 4:07 pm

    Compliance with the ever-increasing array of legislative mandates presents a burden to management and IT staff alike. If you’re in financial services, you are bound by Gramm-Leach-Bliley; in health care, by HIPAA; or if you’re a publicly-held corporation, Sarbanes-Oxley. If you process credit card payments, there are PCI-DSS rules to consider.
  • Compliance or Security?

    Posted October 15, 2008 - 10:52 pm

    My friend Jesper Jurcenoks, CTO of NetVigilance, a firm that provides network vulnerability testing products, keeps me up to date on all the doings with various PCI (Payment Card Industry) security doings. At a recent PCI conference, JJ (easier than saying Jesper Jurcenoks, and a nickname he provides) heard a line in passing he wishes he came up with. I think I'll steal it from him.
