Blog Posts Tagged with "Regulation"
Obama Unveils Blueprint for Online Privacy Bill of Rights
February 23, 2012 Added by: Headlines
The Obama Administration today unveiled a “Consumer Privacy Bill of Rights” as part of a comprehensive blueprint to improve consumers’ privacy protections and ensure that the Internet remains an engine for innovation and economic growth...
Cybersecurity Act of 2012 - Cybersecurity Collides with Risk
February 19, 2012 Added by: Rafal Los
This is just a chance to create some new regulatory-agency office, hire a bunch of new auditors, attorneys, experts, and waste more time rather than actually making critical infrastructure more risk-averse...
Log Management: Debugging Security
February 18, 2012 Added by: Danny Lieberman
Logs are key to security management not only for understanding what and why an event happened but also in order to prove regulatory compliance. The business requirements are that security logs should be both relevant and effective...
We Have Every Right to be Furious about ACTA
February 13, 2012 Added by: Electronic Frontier Foundation
While ACTA was only negotiated between a few countries, it has global consequences. First because it will create new rules for the Internet, and second because its standards will be applied to other countries through the U.S.’s annual Special 301 process...
Why Data Security Regulation is Bad
February 11, 2012 Added by: Danny Lieberman
The government knee-jerk reaction in the face of a data breach is to create more compliance regulation. Security by compliance does not improve security, since attackers can reverse-engineer the minimum requirements in a standard to look for holes in a company’s defenses...
Straight Talk about Compliance from a Security Viewpoint
February 09, 2012 Added by: Rafal Los
Odds are, you can usually close out multiple compliance requirements across multiple requirements regulations by doing something singular in a security program. Performing software security audits during various phases of your SDLC solves many compliance requirements...
Insecurity by Way of Compliance
February 08, 2012 Added by: Danny Lieberman
The US leads in data security breaches while the EU leads in data security. The EU has strong, uniform data security regulation, whereas the US has a quilt-work of hundreds of security directives where each agency has its own system for data security compliance...
How Will Facebook’s IPO Impact Online Privacy?
February 02, 2012 Added by: Allan Pratt, MBA
The dramatic shift away from protecting confidential data is due to “the Facebook era.” While we’ve all met new friends and reconnected with family members, the reality is that thieves are out there devising innovative ways to steal our identities and confidential data...
ISO 27001 and HITRUST for Healthcare Organizations
January 23, 2012 Added by: John Verry
HITRUST provides a prescriptive set of controls that are mapped and referenced to standards and regulations relevant to healthcare. The idea is to simplify the process of becoming largely compliant with relevant laws and regulations and mitigating most risks...
WOMMA Releases Social Media Marketing Privacy Guidelines
January 19, 2012 Added by: Headlines
WOMMA applauds the FTC's efforts at making transparency a key point. While it is not yet clear what effect these developments have had on the online marketing industry - we appreciate the agency's efforts to allow industry leaders to develop self-regulatory initiatives...
Five FFIEC Compliance Tips For Banks
January 10, 2012 Added by: Robert Siciliano
“The guidance is an important reinforcement of several critical ideas: Fraud losses undermine faith in our financial system. Fraud tactics evolve constantly and the tools that combat them have to evolve as well. The guidance provides a perspective...”
GSA Final Rule Requires Vendor Proof of Security
January 10, 2012 Added by: Headlines
The rule requires contractors and subcontractors to provide details on how their products and services meet federal IT regulations. The rule also requires contractors and subcontractors to submit to audits on practices and procedures to ensure mandates are satisfied...
FFIEC Banking Security Guidelines In Effect Soon
January 05, 2012 Added by: Robert Siciliano
The FFIEC updated security guidelines go into effect in less than a month. It is imperative that financial institutions recognize that the security precautions currently in place are ineffective in the face of new, more sophisticated attacks...
Medical Device Security: Killed by Code
January 04, 2012 Added by: Danny Lieberman
I’ve been talking to our medical device customers about mobile security of implanted devices for over a year now. I think it’s only a question of time before we have a drive by execution of a politician with an ICD (implanted cardiac device)...
Hacktivism: The End Result Versus the End Goal
December 31, 2011 Added by: Rafal Los
Unless your cave doesn't get the news, you've seen the barrage of and hacking over the past several months. If experience teaches us anything these folks are holding the final nail in the coffin of Internet freedom as it's driven in by the government they fear...
Chatting With An Auditor About Credit Union Compliance
December 16, 2011 Added by: Ed Moyle
Credit unions, by virtue of their regulatory context, have more "interpretive latitude" in how technical security controls get implemented. Meaning they should try on PCI compliance before calling out merchants - especially the big ones - for having it soft...