<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!-- SwishCommand noindex -->
<rss version="2.0">
<channel>
  <title>ComplianceHome: FISMA Resources</title>
  <link>http://www.compliancehome.com/</link>
  <description>ComplianceHome is one of the Web's largest library of resources for compliance management of HIPAA, SOX, FISMA, GLBA, FDA, COOP &amp; COG, FFIEC, Basel II, OSHA and ISO 27002/17799. Visit our directories which are the best source on White papers, related news articles, resources on the web, training, webinars, conferences, rules &amp; regulation overview, ask the expert, job and search on vendors, solutions &amp; products.</description>
<image>
  <url>http://www.compliancehome.com/images/rsslogo.gif</url>
  <title>ComplianceHome</title>
  <link>http://www.compliancehome.com/</link>
</image>
  <language>en-us</language>
  <item>
    <title>Global DataGuard Receives 'Tomorrow's Technology Today' Awards for Innovative, Network Behavioral Analysis-Based Enterprise UTM Products</title>
    <pubDate>Thu, 17 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract14495.html</link>
    <description>Global DataGuard, the premier provider of network behavioral analysis-based (NBA) Enterprise Unified Threat Management for small and medium business to large enterprise environments, today announced that Info Security Products Guide, a worldwide expert in the information security industry, has recognized the company's patent-pending Network Security Zones(TM) (NSZ) solution with 2008 Tomorrow's Technology Today awards in three distinct categories: Unified Security, Network Security Solution and Security Risk Management. Editors of the Info Security Products Guide publication continuously research and analyze products and technology from more than 750 vendors worldwide. With the Tomorrow's Technology Today awards, they recognize an elite group of vendors who set the standard for innovation in the information security arena. The NSZ system was recognized in multiple categories for its unique ability to prevent data leakage and help customers achieve regulatory compliance across multiple v</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract14495.html</guid>
  </item>
  <item>
    <title>US government releases security guidebook for IT managers</title>
    <pubDate>Thu, 17 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract14488.html</link>
    <description>The U.S. National Institute of Standards and Technology (NIST) has released a publication to help IT managers assess security controls. The U.S. National Institute of Standards and Technology (NIST) last month released a new publication aimed at helping IT managers assess security controls in their information systems. Special Publication 800-53A, Guide for Assessing the Security Controls in Federal Information Systems, defines a process for determining whether security controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting organisational security policies. The publication is expected to be useful to IT managers who must satisfy requirements of the 2002 U.S. Federal Information Security Management Act (FISMA), as well as to IT professionals across the industry.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract14488.html</guid>
  </item>
  <item>
    <title>The big picture of network security</title>
    <pubDate>Mon, 14 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Webinars/abstract14480.html</link>
    <description>In the mid-1990s, we watched business networking gradually move onto the public Internet. Every business, every federal agency had a connection to the Internet. It wasn't terribly mission-critical in those days. This is when the firewall was introduced. You had your enterprise network. People had a pretty good grasp of their largely private-line infrastructure. They had their set of carriers that they dealt with. And they had an Internet connection with a firewall. It felt very manageable. There wasn't a great deal of complexity. But over time, two things have happened: One is that the one Internet connection became thousands and thousands of connections. And second, that firewall has expanded to include intrusion-detection and -prevention systems, antivirus and anti-spam measures, [Web page] filtering, and threat management policies. Where is this all going? We think the big mess that sits at every Internet gateway can be virtualized. When I say virtualized, I mean it can be pushed o</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Webinars/abstract14480.html</guid>
  </item>
  <item>
    <title>FISMA II: It's not exactly what it sounds like</title>
    <pubDate>Wed, 09 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract14401.html</link>
    <description>FISMA is taking on new life, only this time in the form of</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract14401.html</guid>
  </item>
  <item>
    <title>The FISMA paradigm</title>
    <pubDate>Mon, 07 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract14382.html</link>
    <description>There is no question that the Federal Information Security Management Act has changed the way information technology managers do their jobs. It has changed the way agencies write requests for proposals and set standards for vulnerability and configuration scanning, and it eats up days and weeks in the production of reports. The question remaining is whether federal IT systems are more secure now. Rich Kellet, IT security officer at the General Services Administration's Citizen Services and Communications office, gave a qualified yes. Requirements for monthly vulnerability scans with deadlines for correcting critical problems have resulted in more secure systems. But Kellet described himself as skeptical about the overall requirements for detailed reporting to the Office of Management and Budget. One of the bright spots in the FISMA paradigm is the guidance produced by the National Institute of Standards and Technology. The 800-series of special publications produced by the NIST Comput</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract14382.html</guid>
  </item>
  <item>
    <title>Lack of planning can hamper governance and compliance efforts</title>
    <pubDate>Wed, 02 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract14325.html</link>
    <description>The complexity of identity and access management (IAM) software requires adequate planning to ensure the benefits filter through to the entire business. According to Karel Rode, Principal Consultant for the Security Practice at IT management company CA, IAM is not off-the-shelf software. Rather than providing plug-and-play functionality, IAM is complex software that requires substantial planning and often staged deployments for success.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract14325.html</guid>
  </item>
  <item>
    <title>Feds Slowly Improving In Computer Security</title>
    <pubDate>Wed, 02 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract14323.html</link>
    <description>Federal Information Security Management Act (FISMA) requirements pad on the paperwork for agencies, but the demands of the Act have made a positive impact in computer security. Security gains by federal agencies shut off numerous existing vulnerabilities, thanks to the demands of FISMA for regular monthly scans for problems. The paperwork demands have security pros working in government hoping for a fix for that when Congress looks at FISMA again. Government Computer News said the paperwork requirements make those pros blanch. One such pro, GSA Citizen Services and Communications IT security officer Rich Kellet, said the reporting takes up nearly four weeks out of the year to prepare.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract14323.html</guid>
  </item>
  <item>
    <title>NIST issues guidelines to test agencies' network security</title>
    <pubDate>Wed, 02 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract14322.html</link>
    <description>The National Institute of Standards and Technology released on Monday guidelines for agencies to test how well their computer systems fend off cyberattacks. Many analysts say the recommendations could be the first step in fixing one of the more serious flaws in government's approach to network security. NIST's instructions detail how agencies can assess their procedures for testing security controls for information systems. The release is the latest addition to the NIST Special Publication 800 series, which offers research and guidelines to help agencies implement the 2002 Federal Information Security Management Act. SP 800-53A explains how to evaluate a network's security controls, risk management processes, and security strengths and weaknesses of information systems that support missions and applications.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract14322.html</guid>
  </item>
  <item>
    <title>NIST revises IT security guides</title>
    <pubDate>Wed, 02 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract14304.html</link>
    <description>The National Institute of Standards and Technology has released final revisions to three of its 800 series of special publications on information technology security. NIST calls SP 800-79-1, titled Guidelines for the Accreditation of Personal Identity Verification Card Issuers, a substantial improvement over the original version. PIV cards can be used across agencies for physical and logical access. They incorporate a common set of identity proofing and issuing standards, as well as other technologies. Each agency will be responsible for certifying and accrediting the issuer of its cards. Certification is the process of assessing the reliability, availability and capabilities of the issuer's personnel, equipment, finances and support infrastructure. A designated authority within an agency performs accreditation, the management decision to authorize operation.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract14304.html</guid>
  </item>
  <item>
    <title>The FISMA paradigm</title>
    <pubDate>Wed, 02 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract14303.html</link>
    <description>There is no question that the Federal Information Security Management Act has changed the way information technology managers do their jobs. It has changed the way agencies write requests for proposals and set standards for vulnerability and configuration scanning, and it eats up days and weeks in the production of reports. The question remaining is whether federal IT systems are more secure now. Rich Kellet, IT security officer at the General Services Administration's Citizen Services and Communications office, gave a qualified yes. Requirements for monthly vulnerability scans with deadlines for correcting critical problems have resulted in more secure systems. But Kellet described himself as skeptical about the overall requirements for detailed reporting to the Office of Management and Budget.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract14303.html</guid>
  </item>
  <item>
    <title>Symantec compliance suite offers end-to-end automation</title>
    <pubDate>Mon, 30 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract14297.html</link>
    <description>Symantec has announced an update to its Control Compliance Suite 9.0 software aimed at supporting information technology governance, risk and compliance initiatives. The software is designed to help customers automate key IT compliance processes to reduce the cost of managing compliance, said Jitesh Chanchani, Symantec's director of product management for compliance and security solutions. Government IT teams have to interpret vaguely written mandates, manage risk and support recurring audits for programs such as the Federal Information Security Management Act and Federal Desktop Core Configuration initiative, Chanchani said. What our product does is take an end-to-end look at that process and automate it, he said. So your cost for demonstrating compliance goes down, and you get a much better handle on your assessment of risk. People too often work in silos, which results in a lot of duplicated effort, Chanchani said. With the Symantec product, agencies can standardize on one platf</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract14297.html</guid>
  </item>
  <item>
    <title>Information: The New Battleground for Security</title>
    <pubDate>Fri, 27 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract14261.html</link>
    <description>Information: The New Battleground for Security. Today, unlimited access to the Internet and unprecedented mobility are changing the global landscape. Infocomm security is both a business and technology issue. The battle ground for security no longer revolves around the infrastructure, it now revolves around information. In this digital economy, information can be easily shared and accessed anytime and anywhere. The risks to information are REAL, and growing. Symantec's IT Risk Management Report Vol 2 (February 2008) found that 46 percent of companies surveyed expect a serious data loss incident at least once a year. Therefore it is of paramount importance that we rethink our approach to security so that we can enable you, our customers, to have confidence in your connected experiences. Putting in place the strategy and controls to prevent sensitive data loss is no longer an option. The risks, costs and external pressures are forcing the issue. A publicly reported data breach can cos</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract14261.html</guid>
  </item>
  <item>
    <title>Tips on Regulatory Compliance</title>
    <pubDate>Fri, 27 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract14248.html</link>
    <description>Compliance is a top-of-mind issue for contact centers, especially those conducting outbound campaigns. Enterprises and nonprofits alike need to stay within what is often a confusing and ever-changing set of laws and regulations. Here are five compliance tips from the American Teleservices Association (ATA):
1. Have knowledge of the rules
2. Have written compliance guidelines
3. Meet recordkeeping requirements
4. Have mutually-supportive due diligence
5. Have a defendable position</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract14248.html</guid>
  </item>
  <item>
    <title>Governor Paterson Endorses Bill to Strengthen New York's Identity Theft Laws</title>
    <pubDate>Thu, 26 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract14235.html</link>
    <description>New York Gov. David A. Paterson recently announced that the Legislature has reached an agreement on a bill that would strengthen New York's identity theft laws in a variety of ways, including the enhancement of privacy protection in the workplace and programs to aid those who have had their identities stolen. Identity theft is the most common consumer fraud complaint and the fastest growing financial crime, affecting approximately 10 million Americans each year. In 2007, New York ranked sixth in the country in per capita identity theft complaints, according to Identity Theft Data Clearinghouse of the Federal Trade Commission (FTC).</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract14235.html</guid>
  </item>
  <item>
    <title>Two-Thirds of Employees Bypass Data Security Controls, Survey Finds</title>
    <pubDate>Thu, 26 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract14221.html</link>
    <description>Sixty-eight percent of employees admit to bypassing their employer's information security controls in order to do their jobs, according to new research from IT Governance Limited. This finding suggests that, even in some of the most sophisticated and security-conscious organizations, managers are failing to understand the correct balance between the confidentiality and availability of information. By implementing the wrong policies and procedures, they are potentially putting their organizations at risk and may be undermining the legitimacy of information security in employees' eyes. IT Governance Limited is a one-stop-shop for books, tools, training and consultancy on governance, risk and compliance. In February 2008, it polled 130 technology and compliance professionals on issues concerning the UK Data Protection Act (DPA).</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract14221.html</guid>
  </item>
  <item>
    <title>E-Discovery, Compliance, Auditing, and Investigation</title>
    <pubDate>Thu, 26 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract14218.html</link>
    <description>E-discovery and auditing are flip sides of a single coin, the one concerned with retention of records and their production in litigation, the other with studying records to verify the correct execution of corporate business processes and accounting procedures. Extending the metaphor, compliance is the coin standing on edge: neither anticipation and response to litigation (e-discovery) nor historical analysis (auditing) but rather operational rules and monitoring designed to ensure that businesses stay out of legal and accounting trouble. The three concepts (compliance, e-discovery, and auditing) are easy to confuse, but the difference is key. All three practices rely on indexing and search. All three assume retention and archival of electronically stored information (ESI). And of course e-discovery is itself the response to a mandate that calls for process compliance, for compliance with the Federal Rules of Civil Procedure, and auditing verifies compliance in e-discovery and in r</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract14218.html</guid>
  </item>
  <item>
    <title>Meeting Compliance Regulations with Storage - One Archive at a Time</title>
    <pubDate>Tue, 24 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract14203.html</link>
    <description>Today's archiving solutions are typically deployed enterprise-wide to retain and consolidate information for extended periods of time. Drivers for archiving solutions usually cover specific compliance retention legislation or storage management requirements for email, collaboration, file system and network attached storage (NAS) data. Comprehensive archive management can be simplified and become more agile with built-in tiered storage, multiplatform support and active email archiving. These capabilities ensure that data is being preserved for compliance purposes while being adaptable for the future and are critical to enabling businesses to consistently meet evolving industry standards. While this process may seem rather straightforward, in many cases, making it happen is easier said than done. A business can run across any number of challenges when implementing an archiving solution from understanding the decisions that drive the archiving policies to the nature in which archive data </description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract14203.html</guid>
  </item>
  <item>
    <title>Global DataGuard announces its integrated Enterprise UTM solution</title>
    <pubDate>Mon, 23 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract14180.html</link>
    <description>Global DataGuard Inc., a provider of network behavioral analysis-based (NBA) enterprise Unified Threat Management (UTM) for small and medium business (SMB) to large enterprise environments, announced Monday this week that the company's fully integrated enterprise UTM solution provides comprehensive event and global threat management, along with actionable business intelligence, through an easy-to-use, instant view of prioritized threats and the underlying data that created them, all from a single console. According to Forrester Research Inc., a key mistake that IT executives make when implementing a strategic plan is not linking IT initiatives and metrics to business needs, making it impossible to know whether or not the plan is on track or producing the desired results.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract14180.html</guid>
  </item>
  <item>
    <title>Feds need better privacy protection for data</title>
    <pubDate>Wed, 18 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract14116.html</link>
    <description>The government does not have adequate privacy protections for the personal information it collects, shares and stores as part of the effort to fight terrorism, according to a new report by a U.S. watchdog agency. The Government Accountability Office (GAO) says that new laws are needed to safeguard people's personal information. Decades-old laws no longer cover the</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract14116.html</guid>
  </item>
  <item>
    <title>Agencies fail to comply with FISMA</title>
    <pubDate>Wed, 18 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract14115.html</link>
    <description>Federal agencies are failing to test their IT security controls consistently, a new General Accounting Office report has found, Government Accounting News reports. Federal agencies have not adequately designed and effectively implemented policies for periodically testing and evaluating information security controls, the GAO concluded after surveying 24 major agencies and conducting in-depth case studies on 30 IT systems at six of the agencies. The report was ordered by Rep. Tom Davis (R-Va.), the original sponsor of FISMA, the Federal Information Security Management Act. Apparently no agencies are compliant with the law, passed in 2002.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract14115.html</guid>
  </item>
  <item>
    <title>Learn from NIST: Best practices in security program management</title>
    <pubDate>Wed, 18 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract14104.html</link>
    <description>Information security is a hard practice. When nothing happens, it's a good day. Attackers only have to hit the jackpot once in order to be successful. Security professionals have to be right every time. No wonder most practitioners continue searching for the</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract14104.html</guid>
  </item>
  <item>
    <title>Panel: IT governance, risk and compliance program helps reduce expenses</title>
    <pubDate>Mon, 16 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract14080.html</link>
    <description>The evidence is compelling: IT governance, risk and compliance (GRC) is good for business. If that doesn't seem to be the case at your company, maybe you're not doing it right. A realistic and well-executed IT GRC program pays big dividends in reduced costs, reduced risk, consistent compliance, increased business and even better morale, according to a panel that addressed the subject at the Symantec Vision 2008 conference in Las Vegas this week. The panel cited the striking results of a recently released annual report of the IT Policy Compliance Group, from research conducted with more than 2,600 organizations around the world. Companies with the most mature IT GRC practices performed, on average, 13% to 17% higher in customer satisfaction, customer retention, revenue, profit and reduced expenses than those with the least mature practices.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract14080.html</guid>
  </item>
  <item>
    <title>A deep dive into CA's GRC software</title>
    <pubDate>Wed, 11 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract14032.html</link>
    <description>CA made news this week with updates across its security and management product portfolios, but the software maker's work in governance, risk and compliance management in particular caught one industry watcher's eye.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract14032.html</guid>
  </item>
  <item>
    <title>Catbird Offers Virtualization Security Assessment</title>
    <pubDate>Tue, 03 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract13923.html</link>
    <description>Catbird announced a Virtual Infrastructure Security Assessment (VSA). Catbird's VSA helps IT administrators identify and close the potential gaps in security and compliance created in the move from P to V. The 30-day assessment includes a thorough security analysis, detailed reports with actionable intelligence and a comprehensive plan to mitigate risk and protect critical virtual systems, networks, desktops and processes. Catbird's VSA combines traditional security assessment methodologies with virtual infrastructure telemetry gathered through Catbird's stateless, non-invasive V-Agents to deliver robust scrutiny previously unachievable with existing mechanisms. The VSA identifies the scope and magnitude of the virtualization compliance gap through qualitative and quantitative analysis of the new architecture's impact on change control, separation of duties, network visibility and segmentation, and secondary validation.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract13923.html</guid>
  </item>
  <item>
    <title>Lawmakers want stronger NASA IT security</title>
    <pubDate>Tue, 03 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract13918.html</link>
    <description>A House measure to authorize NASA's programs for fiscal 2009 would also direct the space agency to report to Congress on the effectiveness of its network security controls. Also, if the legislation as written becomes law, the Government Accountability Office would test NASA's network for vulnerabilities and provide the results in a restricted report to NASA's oversight committees. The space agency would also detail the corrective actions it has put in place to prevent such intrusions. The House Science and Technology Committee's Space and Aeronautics Subcommittee approved the measure May 20. The full committee is scheduled to consider the legislation June 4, a committee spokeswoman said.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract13918.html</guid>
  </item>
  <item>
    <title>Data Loss and Full Disk Encryption</title>
    <pubDate>Tue, 03 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract13906.html</link>
    <description>There's been a great deal of concern about data loss over the past year or so. The Office of Management and Budget (OMB) came out with a directive in Memo 06-16 requiring Full Disk Encryption for all mobile devices. Now there's a new vulnerability identified that shows the key can be retrieved from volatile memory, so devices that go into hibernation are also vulnerable. Randy Nash discusses the patterns of data loss, security policy, full disk vs. folder encryption (human error), the OMB 06-16 memo, and the new vulnerabilities related to volatile memory.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract13906.html</guid>
  </item>
  <item>
    <title>Arab Bank Group Regulatory Compliance (GRC) hosts Anti-Money Laundering (AML) workshop</title>
    <pubDate>Tue, 03 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract13903.html</link>
    <description>Thirty-five Arab Bank Compliance Managers, representing 22 countries spanning 5 continents, were in attendance throughout the duration of the four-day event. The first day of the session, addressed to an audience of more than 60 Arab Bank Compliance Managers and GRC Head Office staff and conducted by an internationally acclaimed AML instructor, was dedicated to advanced AML investigations training; additional intensive hands-on investigations training was conducted separately for Arab Bank AML Office staff.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract13903.html</guid>
  </item>
  <item>
    <title>PCI Express Gen2 End Point Universal Testbench Verification IP with Compliance Management System from Cadence Design Systems</title>
    <pubDate>Tue, 03 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract13901.html</link>
    <description>The Cadence OpenChoice IP program delivers world-class IP solutions for both Design and Verification IP. Targeting communications, computer and consumer applications, we provide customers with access to off-the-shelf IP as well as IP solutions that can be tailored to your individual needs. Cadence's Verification IP encompasses the full spectrum of the Incisive verification solution for the industry's most complex and demanded protocols including PCI Express, AMBA, USB, Ethernet, OCP and SATA. Cadence VIP's value proposition is to maximize product quality and predictability while minimizing verification environment bringup time and resource requirements. Cadence also uniquely provides the Compliance Management System to automate compliance verification. Our design IP portfolio includes protocol handling digital cores, SerDes and PHY solutions and verification IP for a wide range of standards based communications interfaces, as well as </description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract13901.html</guid>
  </item>
  <item>
    <title>Crushed by Compliance Tyrants</title>
    <pubDate>Fri, 30 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract13899.html</link>
    <description>The disconnect between regulations and security has even caught the attention of Capitol Hill. One example: Fisma (Federal Information Security Management Act) compliance is up. The Office of Management and Budget reported that in 2007, 92 percent of information systems were certified and accredited, 86 percent of agencies had a tested contingency plan and 95 percent had tested security controls. The appropriate response: something along the lines of</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract13899.html</guid>
  </item>
  <item>
    <title>Data Loss and Full Disk Encryption</title>
    <pubDate>Fri, 30 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract13898.html</link>
    <description>There's been a great deal of concern about data loss over the past year or so. The Office of Management and Budget (OMB) came out with a directive in Memo 06-16 requiring Full Disk Encryption for all mobile devices. Now there's a new vulnerability identified that shows the key can be retrieved from volatile memory, so devices that go into hibernation are also vulnerable. Randy Nash discusses the patterns of data loss, security policy, full disk vs. folder encryption (human error), the OMB 06-16 memo, and the new vulnerabilities related to volatile memory. When it comes to information security, unfortunately there is no</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract13898.html</guid>
  </item>
  <item>
    <title>Feds' Laptop Security Efforts Move Slowly</title>
    <pubDate>Wed, 28 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract13863.html</link>
    <description>U.S. government agencies are scrambling to plug one of their biggest security holes: sensitive information -- names, addresses and Social Security numbers, for example -- stored on laptops, handhelds and thumb drives. In the last year, agencies have purchased 800,000 licenses for encryption software through the federal Data at Rest (DAR) Encryption program, which is run jointly by the General Services Administration and the U.S. Department of Defense.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract13863.html</guid>
  </item>
  <item>
    <title>Most Retailer Breaches Are Not Disclosed, Gartner Says</title>
    <pubDate>Wed, 28 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract13862.html</link>
    <description>While nearly half of U.S. retailers have been hit with some kind of information security attack, only a small percentage of them have actually reported breaches to their customers, research company Gartner reports. In a new study based on interviews with 50 U.S. retailers, Gartner found that 21 of them were certain they had had a data breach. However, just three of the retailers had disclosed the incident to the public. The small number of retailers in the survey makes it impossible to draw any firm conclusions from the data, but it does underscore a noteworthy trend, said Gartner analyst Avivah Litan.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract13862.html</guid>
  </item>
  <item>
    <title>Who keeps failing their FISMA compliance?</title>
    <pubDate>Wed, 28 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract13852.html</link>
    <description>The recently released U.S. Federal Computer Security Report Card for 2008 indicates that several departments critical to national security continue failing to implement the Federal Information Security Management Act (FISMA). From a cyber espionage perspective, the lack of prioritization of departments that must be audited first often results in anecdotal cases. Case in point, who cares if the Environmental Protection Agency scored A+ when the Nuclear Regulatory Commission and the Department of the Interior have been failing for 2006 and 2007 altogether? And isn't it disturbing to know that Housing and Urban Development scores higher than the Department of Defense? Secured by default through the use of (outdated) information security acts isn't perfect, and the results of such assessments shouldn't be taken for granted. That's mostly because the threatscape and the dynamic development of a department's infrastructure is prone to grow faster than a standard can keep up with the threats </description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract13852.html</guid>
  </item>
  <item>
    <title>Shavlik Technologies Lands NASA Contract for Security and Compliance Software</title>
    <pubDate>Wed, 28 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract13848.html</link>
    <description>Shavlik Technologies, a provider of security and compliance readiness software, announced that NASA has included its security products under the Solutions for Enterprise-Wide Procurement (SEWP IV) Program. Thanks to this multi-year contract, Shavlik's full security solution suite will be available to Federal government customers who need to fully comply with Federal Information Security Management Act of 2002 (FISMA) reporting requirements. Using the Security Content Automation Protocol (SCAP), Shavlik's Security Suite, which includes NetChk Protect for vulnerability management and NetChk Compliance for security configuration management, simplifies and automates vulnerability management, measurement, and policy compliance evaluations.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract13848.html</guid>
  </item>
  <item>
    <title>Help for MSDS regulatory compliance</title>
    <pubDate>Wed, 28 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract13842.html</link>
    <description>Formulator Lab-Book with the Regulator module allows the formulation chemist or regulatory agent to develop and create Material Safety Data Sheets (MSDS) forms and hazardous container labels. Jim DeGroff, managing partner of Formulator Software, and Mike Harvey, president of Nexreg Compliance, agree to a venture combining the Formulator software MSDS development tools with Nexreg's regulatory knowledge and translation skills. This supplies clients of the two companies with software tools, regulatory guidance and translation services to meet the wide range of regulatory requirements to provide worker safety information to manufacturers of chemical products.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract13842.html</guid>
  </item>
  <item>
    <title>Governor Paterson Unveils Legislation to Strengthen New York State's Identity Theft Laws</title>
    <pubDate>Wed, 28 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract13838.html</link>
    <description>Governor David A. Paterson today announced that he has introduced legislation that would strengthen New York State's identity theft laws by protecting individuals from the misuse of their personal information. In recent years, identity theft has prompted frequent legislative action, but significant gaps remain in New York State's identity theft laws.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract13838.html</guid>
  </item>
  <item>
    <title>Computer security grades improve slightly</title>
    <pubDate>Wed, 28 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract13817.html</link>
    <description>The government's overall information security grade has improved from a C-minus to a C, according to the Federal Information Security Management Act's score card. The score card compared the years 2006 and 2007. The House Oversight and Government Reform Committee issues the annual score card based on agency reports required by the 2002 FISMA law. Although the government's score has improved since the first score cards reported failing grades, Rep. Tom Davis (R-Va.), the ranking minority member on the committee, said it's not adequate.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract13817.html</guid>
  </item>
  <item>
    <title>Federal agencies' FISMA grade up slightly</title>
    <pubDate>Wed, 28 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract13816.html</link>
    <description>Federal agencies continued to show slight improvement in 2007 in their ability to protect sensitive data, scoring a</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract13816.html</guid>
  </item>
  <item>
    <title>Gov't shows slow progress on system security</title>
    <pubDate>Wed, 28 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract13815.html</link>
    <description>Federal agencies as a whole scored higher in their compliance with information-security rules in 2007 compared to the previous year, but nine of twenty-four agencies continue to post a failing grade, according to an annual report card published on Tuesday. The report card (pdf), which gives a numerical grade to each government agency for its compliance with the Federal Information Security Management Act (FISMA) of 2002, gave a grade of 'C' to the combined government effort. As previously reported by SecurityFocus, the two-dozen agencies that are included in the report card did slightly better in complying with FISMA rules than in 2006, in which they scored a 'C-'. However, nine of the agencies -- including the Departments of Commerce, Defense and Treasury -- score failing grades on the latest report card.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract13815.html</guid>
  </item>
  <item>
    <title>Gov't Earns 'C' on Computer Security Report Card</title>
    <pubDate>Wed, 28 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract13814.html</link>
    <description>The federal government earned an overall grade of</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract13814.html</guid>
  </item>
  <item>
    <title>Secure Computing's SecurityReporter</title>
    <pubDate>Thu, 22 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract13796.html</link>
    <description>SecurityReporter is a flexible, scalable, one-stop Security Event Manager (SEM). During the review of the SnapGear SG565, Tech Herald was also able to use and review SecurityReporter as it is licensed for each SnapGear unit. SecurityReporter is tricky to manage at first, but once you get it running, compliance reports and general monitoring are a cinch. Getting started requires that you use your my Secure Computing portal to download the SecurityReporter files. This portal is granted to any Secure Computing customer and is where you license and manage value added services. The installation is simple to follow and you are guided through most of the parts. After the initial install is done, you need to license the device, in this case a SnapGear SG565, and after that, you are finished.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract13796.html</guid>
  </item>
  <item>
    <title>Agencies show little sign of improvement in IT security</title>
    <pubDate>Thu, 22 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract13795.html</link>
    <description>When it comes to securing its computer systems, the federal government gets a C grade. That's up slightly from the C-minus it earned last year on an annual information security report card handed out by Rep. Tom Davis, R-Va., ranking member of the House Oversight and Government Reform Committee. While pleased the government is showing some improvement, Davis said he would like to see more oversight of information security practices and real consequences for agencies that don't meet security standards, as prescribed by the Federal Information Security Management Act. "We need to do more to bring consistency to the [inspector general] community regarding standards and review," Davis said in a May 20 statement. "We need to seriously consider incentives for agency success, and funding penalties and personnel reforms for agencies that don't measure up."</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract13795.html</guid>
  </item>
  <item>
    <title>Critics question value of federal IT security report card</title>
    <pubDate>Thu, 22 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract13794.html</link>
    <description>The U.S. government received an overall C grade on an annual information security report card that was released Tuesday. But the report card and the internal security reports on which it's based face increasing skepticism about whether they accurately portray how prepared federal agencies are to deal with cyberthreats.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract13794.html</guid>
  </item>
  <item>
    <title>Regulatory Compliance Simplified With the Unified Compliance Framework</title>
    <pubDate>Thu, 22 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract13782.html</link>
    <description>If you're in an industry with heavy regulation compliance, Network Frontiers has developed a great research and information tool for you. The Unified Compliance Framework (UCF) is a collection of over 400 international regulatory requirements, standards, and guidelines, presented in a Microsoft Office Excel Spreadsheet with a hierarchical format and language an IT administrator can understand. The UCF can simplify your regulation requirements, reduce your compliance costs, and limit your legal liability. According to the company Web site, the UCF is a</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract13782.html</guid>
  </item>
  <item>
    <title>Compliance Coach Identifies 23 New Identity Theft Red Flags</title>
    <pubDate>Thu, 22 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract13772.html</link>
    <description>Based on recent cases and schemes, Compliance Coach, a provider of automated regulatory compliance services to the financial services industry, has identified 23 new identity theft red flags and has updated its CompliancePal software. CompliancePal is a Web-based software that enables compliance with the FACT Act identity theft red flags rule. It walks the user through a series of questions and produces: the required risk assessment, the mapping of red flags to appropriate detection and response procedures, the written program, the training materials and the compliance status report, and everything necessary to pass an audit. The software is updated regularly for new identity theft schemes and red flags so a company can easily update its identity theft program and maintain compliance. Companies interested in using the software can do so by signing up online and accessing it via the Internet. The federal regulation imposes new responsibilities on businesses to prevent consumer identity </description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract13772.html</guid>
  </item>
  <item>
    <title>Proposed cybersecurity bill to pressure DHS</title>
    <pubDate>Thu, 22 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract13763.html</link>
    <description>Rep. Jim Langevin, D-RI, introduced a bill on Wednesday that aims to hold the U.S. Department of Homeland Security responsible for investigating every cyber attack and for shoring up its network security. The bill would better define the roles and responsibilities of the agency's chief information officer, require that the department reduce the number of successful attacks against its networks and mandate that the DHS investigate the state of contractors' network security before signing a contract with them. The bill comes after more than a year of investigations by the House of Representatives' Committee for Homeland Security into cybersecurity breaches at numerous government agencies. Rep. Langevin heads up the Subcommittee on Emerging Threats, Cybersecurity and Science &amp; Technology, which has held most of the hearings on the issues.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract13763.html</guid>
  </item>
  <item>
    <title>Openpages Cited as a Leading Firm in OpRisk and Compliance's Operational Risk Software Survey 2008</title>
    <pubDate>Thu, 22 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract13735.html</link>
    <description>OpenPages, provider of enterprise GRC management solutions that optimise business performance, announced that it was named a leading firm within the OpRisk &amp; Compliance Operational Risk Software Survey 2008. OpenPages gained a place on the 2007 survey and was ranked fifth in the closely fought annual survey, in which over 15 vendors were evaluated. OpRisk &amp; Compliance's annual survey results were compiled from over 200 senior level executives across Europe. The survey consisted of five categories, in which OpenPages gained ground in three. In Regulatory and Economic Capital OpenPages moved up four places to the fifth spot, up from ninth in 2007. For Scenario Analysis OpenPages moved up to fifth, up from seventh place the previous year. In Operational Risk Loss Data OpenPages moved up one spot to fifth place. For Key Risk Indicators and Risk Control Self Assessments OpenPages ranked fifth place.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract13735.html</guid>
  </item>
  <item>
    <title>Information security goes pro</title>
    <pubDate>Mon, 19 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract13695.html</link>
    <description>During 30 years in government service and more than a decade as a consultant, Lynn McNulty has been recognized as a leader in making information security a profession rather than a job. Most recently, the International Information Systems Security Certification Consortium, for which he is the director of government affairs, made him the third Fellow of (ISC)2. He has served as associate director of computer security at the National Institute of Standards and Technology and played a major role in formulating the Computer Security Act of 1987.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract13695.html</guid>
  </item>
  <item>
    <title>McAfee CEO: Threats Too Complex For Single Product Solutions</title>
    <pubDate>Thu, 01 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract13639.html</link>
    <description>These days in the IT security world there is more of everything. More devices. More compliance regulations. More data breaches. And certainly more malware and malicious threats. And in an era where there's more of everything, companies should start to think about reducing the number of appliances to tackle these threats without compromising business productivity and performance. That was the overriding message imparted by McAfee President and CEO Dave Dewalt in an afternoon keynote during Interop Las Vegas 2008 on Wednesday. With the maelstrom of security threats and regulations facing companies every day, Dewalt said,</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract13639.html</guid>
  </item>
  <item>
    <title>Focus On Managing Risk, Not Gruntwork</title>
    <pubDate>Thu, 01 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract13612.html</link>
    <description>With large enterprises sporting hundreds of applications, firewalls, routers, and other networking devices -- and more than 139 newly announced vulnerabilities each week -- how do they know what vulnerabilities actually matter? Answering that question is a lot harder than just looking at software vendor risk rankings and rushing to patch the</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract13612.html</guid>
  </item>
</channel>
</rss>
