<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!-- SwishCommand noindex -->
<rss version="2.0">
<channel>
  <title>ComplianceHome: ISO 27002 (17799) Resources</title>
  <link>http://www.compliancehome.com/</link>
  <description>ComplianceHome is one of the Web's largest libraries of resources for compliance management of HIPAA, SOX, FISMA, GLBA, FDA, FFIEC, Basel II, OSHA and ISO 27002/17799. Visit our directories, which are the best source on White papers, related news articles, resources on the web, training, webinars, conferences, rules &amp; regulation overview, ask the expert, job and search on vendors, solutions &amp; products.</description>
<image>
  <url>http://www.compliancehome.com/images/rsslogo.gif</url>
  <title>ComplianceHome</title>
  <link>http://www.compliancehome.com/</link>
</image>
  <language>en-us</language>
  <item>
    <title>Stepping Towards SaaS for IT service management</title>
    <pubDate>Fri, 18 Jun 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18980.html</link>
    <description>Software-as-a-Service (SaaS) is more than just a cloud-based delivery model. It is a service approach that IT organizations are considering for meeting their IT service management needs. With a SaaS model, IT organizations can focus their staff and infrastructure on high-priority activities and initiatives while still enjoying access to IT service management productivity solutions. Typical SaaS models allow a service to be hosted, delivered, and managed remotely via the Web and offer the sharing of application processing and storage resources through a subscription service.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18980.html</guid>
  </item>
  <item>
    <title>Workscape Totally Compliant with ISO 27002 Information Security Regulations</title>
    <pubDate>Fri, 18 Jun 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18957.html</link>
    <description>A provider of software and services that enable organizations to drive predictable outcomes through engaged, top performing workforces, Workscape, Inc., has reached full compliance with ISO 27002 information security regulations.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18957.html</guid>
  </item>
  <item>
    <title>Re-Assessing Data Security In 2010: A List Of Practical Action Items</title>
    <pubDate>Fri, 21 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18923.html</link>
    <description>The beginning of 2010 makes clear that data security's bottom line is unequivocal. Even in a down economy, businesses that handle personal information - whether customer or employee data - face a number of rigorous legal obligations.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18923.html</guid>
  </item>
  <item>
    <title>Security Management Program Brought to Midmarket by Verizon</title>
    <pubDate>Wed, 28 Apr 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18907.html</link>
    <description>A comprehensive security assessment and certification program from Verizon Business is aimed at helping small to medium-size businesses better assess and manage their security risks associated with protecting sensitive company information, according to a Verizon announcement. The company's Security Management Program (SMP) Business helps proactively protect businesses from security threats by leveraging a set of practices to evaluate a company's security posture and recommends ways to cost-effectively improve security and ease compliance with industry regulations.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18907.html</guid>
  </item>
  <item>
    <title>Security program to small- and medium-sized businesses expanded by Verizon</title>
    <pubDate>Wed, 21 Apr 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18897.html</link>
    <description>The main target market for a new security assessment and certification program is small- and medium-sized businesses with fewer than 1000 employees, Verizon announced. Although the company has had a similar offering for larger companies for more than a decade, Verizon Director of Medium Business Marketing Patrick Sullivan told Connected Planet in a pre-briefing that the new program was designed from the ground up for the small- and medium-sized business segment.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18897.html</guid>
  </item>
  <item>
    <title>A Letter from Service Auditor to the Cloud</title>
    <pubDate>Fri, 09 Apr 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18844.html</link>
    <description>A letter - Hello! Can you hear me? I know you can. Yes, yes...no one likes an auditor and I am even worse. I am that CPA who spent the last decade working in information security, both as a security consultant and as someone who managed the product lines of a global managed services business.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18844.html</guid>
  </item>
  <item>
    <title>Information security management systems to be Enhanced with the help of ISO and IEC</title>
    <pubDate>Wed, 17 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18796.html</link>
    <description>ISO and IEC have added to their toolbox of information security standards, with guidance for the successful design and implementation of ISO/IEC 27001:2005. ISO/IEC 27003:2010, Information technology - Security techniques - Information security management system implementation guidance, gives advice that will be useful for all types of security-conscious organizations, regardless of their size, complexity and risks.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18796.html</guid>
  </item>
  <item>
    <title>McAfee steps up cloud assurance</title>
    <pubDate>Wed, 17 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18795.html</link>
    <description>The McAfee Cloud Secure initiative is targeted at software-as-a-service (SaaS) and cloud providers, combining third-party certification with the vendor's automated security auditing, remediation and reporting services. Michael Sentonas, McAfee's Asia-Pacific CTO, said in a pre-launch Singapore briefing that the annual certification will be based on two existing industry standards: ISO 27001/27002 for information security management and Statement on Auditing Standards No. 70 (SAS70). McAfee has so far tied up with auditor KPMG and IT services company CSC to perform the certification exercises, he noted.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18795.html</guid>
  </item>
  <item>
    <title>RAS Infotech Join hands with iViZ Security to launch its on-demand security testing service</title>
    <pubDate>Sun, 03 Jan 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18687.html</link>
    <description>RAS Infotech, a leading IT distributor providing complete Network Security and Network Management Solutions in the Middle East and Africa, announced its partnership in the region with iViZ Security to launch a unique on-demand penetration testing solution that helps protect web applications and networks from critical threats.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18687.html</guid>
  </item>
  <item>
    <title>Tame the Beast: Reduce the Complexity of IT Risk and Compliance</title>
    <pubDate>Sun, 03 Jan 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Webinars/abstract18681.html</link>
    <description>ABSTRACT: In today's world of highly regulated industries, companies are overwhelmed with the complexity of complying with a multitude of laws, regulations and standards. Furthermore, IT is being asked to determine the business impact of IT control failures and to develop strategies to reduce the risk associated with these failures. Is your IT organization suffocating under the weight of conducting multiple assessments of duplicative controls and supporting too many controls where the cost greatly outweighs the benefit? The way to tame this beast is to leverage the commonality of multiple laws and regulations to harmonize and reduce the number of IT controls. In addition, automation of IT risk and compliance will help to reduce and in some cases eliminate error-prone manual processes for assessing and monitoring the state of IT risk and compliance.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Webinars/abstract18681.html</guid>
  </item>
  <item>
    <title>Compliance Support for US Government and International Standards Enhanced by nCircle</title>
    <pubDate>Thu, 31 Dec 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18669.html</link>
    <description>The pioneer in security and compliance auditing solutions, nCircle, announced enhanced support for US government and international security and compliance standards. In today's regulation-driven environment, organizations are required to provide up-to-date security and compliance information for both internal and external audits. The frequency and complexity of these requirements necessitate automating this process, and nCircle delivers significant time and cost savings by automating formerly manual tasks required for compliance with today's standards and regulations.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18669.html</guid>
  </item>
  <item>
    <title>Some Ways to protect your cloud data</title>
    <pubDate>Tue, 22 Dec 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18633.html</link>
    <description>The Cloud Security Alliance has taken a second run at creating recommendations for businesses to follow in order to better secure cloud services. The new document aligns CSA's definition of cloud computing with that of the National Institute of Standards and Technology's (NIST) definition, which includes on-demand self service, broadband network access, resource pooling, rapid provisioning and scalability, and metered usage.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18633.html</guid>
  </item>
  <item>
    <title>CSO Conference examines data security</title>
    <pubDate>Thu, 17 Dec 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18596.html</link>
    <description>The Chief Security Officer (CSO) Conference, organised in Viet Nam for the first time, explored the critical importance of information security for all organisations and individuals. The conference was held in HCM City by the city's Information and Communications Department, the Viet Nam Computer Emergency Response Team (VNCERT) and the International Data Group (IDG). Many leading CSOs here and abroad shared experiences on the role of a CSO in today's complex information security situation.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18596.html</guid>
  </item>
  <item>
    <title>Data Center Access Policies</title>
    <pubDate>Fri, 04 Dec 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18542.html</link>
    <description>The weakest link in any security scheme is the human being. Security professionals can do their best to protect systems with layers of anti-malware, personal and network firewalls, biometric login authentication, and even data encryption, but give a good hacker (or computer forensics expert) enough time with physical access to the hardware, and there's a good chance they'll break in. Thus, robust physical access controls and policies are critical elements of any comprehensive IT security strategy.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18542.html</guid>
  </item>
  <item>
    <title>Risk Assessment for Information Security Management Systems</title>
    <pubDate>Fri, 04 Dec 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18503.html</link>
    <description>If you are responsible for information security within an organisation, whether you are the owner, the CEO, the Chief Training Officer or the Information Security Officer, you should begin by acquiring a copy of the standard ISO/IEC 27002 code of practice. This code of practice is a risk management standard that gives an overview of the principles of ensuring confidentiality, integrity and accessibility of your company data.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18503.html</guid>
  </item>
  <item>
    <title>Keep Your Auditors Happy With PowerTech Compliance Monitor</title>
    <pubDate>Fri, 27 Nov 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Webinars/abstract18493.html</link>
    <description>This webcast covers use of PowerTech Compliance Monitor to prepare a system for a SOX, PCI, COBIT or ISO audit.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Webinars/abstract18493.html</guid>
  </item>
  <item>
    <title>Smart Grid Security Consulting Targeted by Verizon Business</title>
    <pubDate>Fri, 27 Nov 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18438.html</link>
    <description>Security consulting has been added by Verizon Business to its portfolio of security services to help utilities working with Smart Grid technologies meet infrastructure protection standards. The North American Electric Reliability Corporation (NERC) has developed critical infrastructure protection (CIP) standards for the country's bulk power system. Verizon's new suite of professional consulting services is designed to provide utilities with compliance and readiness assessments to help them meet the 2010 NERC CIP requirement to be Auditably Compliant, which is the highest level of compliance. Utilities at that level will be subject to spot checks and audits.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18438.html</guid>
  </item>
  <item>
    <title>In What Manner the Tricky Issue of Level 4 PCI Compliance is Being Tackled by ISOs</title>
    <pubDate>Fri, 27 Nov 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18432.html</link>
    <description>Bringing small merchants into compliance with the Payment Card Industry data-security standard, or PCI, is no easy task, according to independent sales organization executives that have started PCI programs for so-called Level 4 merchants. "You call up Billy's Pizza and ask him about his firewall, and he's not going to know what you're talking about," says Henry Helgeson, president of Merchant Warehouse, a Boston-based ISO.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18432.html</guid>
  </item>
  <item>
    <title>'Managing the Cloud: Are You Comfortable with Where Your Data Sleeps at Night?'</title>
    <pubDate>Mon, 09 Nov 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Webinars/abstract18399.html</link>
    <description>Why is cloud computing relevant today from an economic, business and technology standpoint? What are some potential benefits - and pitfalls - of moving to the cloud? What should you look for in a cloud computing provider to ensure the security of your data and applications? In an October 8 interview from Times Square, Sam Gross, vice president, Global Information Technology Outsourcing Solutions, Unisys Corporation, will answer these questions and more. Sam will talk about how the economy is accelerating a tectonic shift in IT and how it supports the business. He'll also discuss how to transform a traditional data center that is inflexible and costly to a cloud computing environment that is secure, virtualized and automated - requiring less investment.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Webinars/abstract18399.html</guid>
  </item>
  <item>
    <title>New Risk Management Studio software released by Stiki</title>
    <pubDate>Tue, 03 Nov 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18387.html</link>
    <description>The Stiki-designed Risk Management Studio software is for companies, institutions and local government bodies wanting to guarantee security in the processing of information. The program is based on the methodology of the ISO/IEC 27001 and ISO/IEC 27002 security standards, implemented in October 2005 and July 2007. RM Studio 2.1, the latest in the series of state-of-the-art applications, is an IT Governance, Risk and Compliance (IT GRC) tool that provides a single collaborative workflow, helping to attain ISO/IEC 27001 in a much shorter time. The software is designed to manage international standards and compliance mandates, create policy management efficiencies and help control business risks.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18387.html</guid>
  </item>
  <item>
    <title>The Wonderful Triangle of IT Security</title>
    <pubDate>Tue, 03 Nov 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18382.html</link>
    <description>The myths of the CIA triad: Have you ever considered taking a role as the most senior person for information security working at a large corporation? Then you must be prepared to understand the key principles of information security - and how they really apply to life and business.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18382.html</guid>
  </item>
  <item>
    <title>IT SOX compliance automated by SecureAware from Lightwave</title>
    <pubDate>Tue, 03 Nov 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18380.html</link>
    <description>Lightwave Security, an automated GRC solutions provider, has announced that it has added the COBIT framework to the SecureAware v3.7.0 IT Governance, Risk and Compliance (IT GRC) system to help companies comply with the Sarbanes-Oxley Act (SOX) and manage the compliance lifecycle. Lightwave Security has licensed the COBIT IT governance framework from ISACA, a global 86,000-member organization for information governance, control, security and audit professionals.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18380.html</guid>
  </item>
  <item>
    <title>ISO security certification needed by Microsoft for its Cloud services</title>
    <pubDate>Mon, 26 Oct 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18369.html</link>
    <description>Microsoft Corp. wants to get its suite of hosted messaging and collaboration products certified to the ISO 27001 international information security standard, part of an effort to try and assure customers about the security of its cloud computing services. It comes amid broad and continuing doubts about the ability of cloud vendors in general to properly secure their services.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18369.html</guid>
  </item>
  <item>
    <title>Cost Cutting by IT Companies in Recession</title>
    <pubDate>Mon, 26 Oct 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18361.html</link>
    <description>The period of recession is on and companies have instituted cost cutting across all organizational levels. Survival in these challenging times is of profound concern for many organizations, so any investment in IT comes with the greatest of scrutiny. Yet, the old adage "pay me a little now, or a lot later" may be more appropriate during times of economic turmoil than at times of stability.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18361.html</guid>
  </item>
  <item>
    <title>Severance of Duties in Virtualized Environments</title>
    <pubDate>Mon, 14 Sep 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18230.html</link>
    <description>With Virtualization we have moved a step closer to the world of Star Trek. Think back to episodes of The Next Generation where Geordi was able to control the functions of the entire ship through a single touch-screen interface. He was able to reconfigure electrical, mechanical and propulsion systems without needing anyone else or additional authorization. The only thing to prevent him from doing something risky or damaging was the computer system itself.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract18230.html</guid>
  </item>
  <item>
    <title>Application Security Testing and OCC Bulletin 2008-16 Compliance</title>
    <pubDate>Fri, 03 Jul 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Webinars/abstract18002.html</link>
    <description>Your IT organization - no matter what the size - is learning to do more with less. Yet whether you choose to build applications internally, purchase third party software or outsource your needs, the burden of managing IT security risk - and specifically application security risk - has not reduced. This webinar will discuss cost-effective measures your organization can take to secure your applications, comply with OCC Bulletin 2008-16 and develop an effective, comprehensive application security strategy.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Webinars/abstract18002.html</guid>
  </item>
  <item>
    <title>Email Security and Archiving - Clearer in the Cloud</title>
    <pubDate>Mon, 29 Jun 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Webinars/abstract17986.html</link>
    <description>The time is NOW for businesses and organizations of all sizes to implement cloud computing solutions for email security and archiving. Cloud computing solutions are more effective than traditional, on-premise solutions and at a fraction of the cost and IT resource requirements. Listen to this live TechRepublic Webcast, featuring moderator Steve Kovsky and special guests Michael Osterman, President of Osterman Research, and Adam Swidler with Google. They present findings from the latest research comparing cloud solutions with on-premise solutions.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Webinars/abstract17986.html</guid>
  </item>
  <item>
    <title>Microsoft IT Compliance: Policy, HBI, SOX, and PCI (Level 200)</title>
    <pubDate>Thu, 18 Jun 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Webinars/abstract17942.html</link>
    <description>Disclosure of High Business Impact (HBI) information might cause severe material loss to Microsoft, the information asset owner, or relying parties. The attendee of this webcast will learn how Microsoft developed HBI policy that complies with SOX and the Payment Card Industry (PCI) standards. The attendee will also learn how the PCI standards are implemented, reviewed, and managed at Microsoft and understand what technologies and processes are used to safeguard against disclosure of customer and consumer information.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Webinars/abstract17942.html</guid>
  </item>
  <item>
    <title>Intellectual property licensing agreement signed between Acuity and ISF</title>
    <pubDate>Tue, 26 May 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract17818.html</link>
    <description>The Information Security Forum (ISF) has signed an intellectual property (IP) licensing agreement with Acuity Risk Management. The agreement will see the ISF Standard of Good Practice for Information Security integrated into Acuity's STREAM risk and compliance management software. Any STREAM user will be able to view, control and manage their compliance in real-time against the standard, as well as against other international standards such as ISO 27002 and Cobit.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract17818.html</guid>
  </item>
  <item>
    <title>For compliance and a safer online environment Surrey Heath Borough Council turns to LogRhythm</title>
    <pubDate>Wed, 20 May 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Webinars/abstract17801.html</link>
    <description>Surrey Heath Borough Council is responsible for providing services to over 81,000 citizens. While the Council had been manually checking the log data generated by its different servers, this was time consuming and it was not immediately apparent if an unprecedented incident had occurred. To help ensure easier and quicker compliance with GCSx, and the associated Code of Connection (CoCo) which includes specific requirements on log data, Surrey Heath Borough Council investigated the options for a centralised, automated logging solution. Surrey Heath Borough Council has now implemented a log management, log analysis and event management solution from LogRhythm. LogRhythm will not only help Surrey Heath meet GCSx, ISO27002 and PCI DSS compliance, but it will play a valuable role in creating a safer online environment for the public when transacting with the Council via its website.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Webinars/abstract17801.html</guid>
  </item>
  <item>
    <title>Total Endpoint Protection: Lower Costs and Increase Compliance</title>
    <pubDate>Wed, 20 May 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Webinars/abstract17792.html</link>
    <description>So how do you ensure your company is protected from the growing number of threats against your data and infrastructure? And how can you effectively manage your endpoint protection so that management costs don't escalate out of control? View this program to hear trusted advisors from Gartner and McAfee offer key insights into how you can proactively protect your systems and data while more effectively managing endpoint security. You'll also learn why Citrix turned to McAfee to help protect their global IT environment and reduce their costs.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Webinars/abstract17792.html</guid>
  </item>
  <item>
    <title>Microsoft IT Compliance: Policy, HBI, SOX, and PCI (Level 200)</title>
    <pubDate>Tue, 12 May 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Webinars/abstract17736.html</link>
    <description>Disclosure of High Business Impact (HBI) information might cause severe material loss to Microsoft, the information asset owner, or relying parties. The attendee of this webcast will learn how Microsoft developed HBI policy that complies with SOX and the Payment Card Industry (PCI) standards. The attendee will also learn how the PCI standards are implemented, reviewed, and managed at Microsoft and understand what technologies and processes are used to safeguard against disclosure of customer and consumer information.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Webinars/abstract17736.html</guid>
  </item>
  <item>
    <title>IT is not prepared for layoffs and mergers, says Survey</title>
    <pubDate>Tue, 12 May 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract17729.html</link>
    <description>An enterprise identity management software provider, Austin, Tex.-based SailPoint, released a new Market Pulse survey which said that only 14 percent of the survey's 125 respondents felt they had adequate user controls in place. The survey tracked IT directors at large enterprises. Companies surveyed had an average of 30,000 employees.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract17729.html</guid>
  </item>
  <item>
    <title>Microsoft IT Compliance: Policy, HBI, SOX, and PCI (Level 200)</title>
    <pubDate>Mon, 11 May 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Webinars/abstract17718.html</link>
    <description>Disclosure of High Business Impact (HBI) information might cause severe material loss to Microsoft, the information asset owner, or relying parties. The attendee of this webcast will learn how Microsoft developed HBI policy that complies with SOX and the Payment Card Industry (PCI) standards. The attendee will also learn how the PCI standards are implemented, reviewed, and managed at Microsoft and understand what technologies and processes are used to safeguard against disclosure of customer and consumer information.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Webinars/abstract17718.html</guid>
  </item>
  <item>
    <title>Imprivata - 10 Minutes on Strong Authentication Trends for 2009</title>
    <pubDate>Fri, 27 Mar 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Webinars/abstract17349.html</link>
    <description>In this webcast, Jason Mafera, senior product manager for Imprivata, discusses the key findings from a recent Imprivata-sponsored survey examining trends in strong authentication. Jason reviews key survey findings and lends his expertise to decipher what this means for anyone considering strong authentication as part of their employee access management strategy in 2009.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Webinars/abstract17349.html</guid>
  </item>
  <item>
    <title>Guidelines on Cell Phone and PDA Security (Draft)</title>
    <pubDate>Tue, 24 Mar 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract17319.html</link>
    <description>Cell phones and personal digital assistants (PDAs) have become indispensable tools for today's highly mobile workforce. Small and relatively inexpensive, these devices can be used for many functions, including sending and receiving email, storing documents, delivering presentations, and remotely accessing data. While these devices provide productivity benefits, they also pose new risks to an organization's security. This document provides an overview of cell phone and PDA devices in use today and offers insights into making informed information technology security decisions on their treatment. The document gives details about the threats and technology risks associated with these devices and the available safeguards to mitigate them. Organizations can use this information to enhance security and reduce incidents involving handheld devices.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract17319.html</guid>
  </item>
  <item>
    <title>Enforcing Database Change Controls for SOX, PCI &amp; SAS70</title>
    <pubDate>Mon, 23 Mar 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Webinars/abstract17314.html</link>
    <description>Learn how Guardium 7 enables you to easily automate the time-consuming process of tracking all database changes and reconciling them with authorized work orders in your existing change ticketing system, such as BMC Remedy. You'll also learn how to generate real-time alerts whenever unauthorized changes are detected. These processes are increasingly required to meet auditors' requirements, particularly in the context of data governance for SOX.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Webinars/abstract17314.html</guid>
  </item>
  <item>
    <title>Data Loss Prevention: What is it and why are the FORTUNE 500 taking note?</title>
    <pubDate>Tue, 17 Mar 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Webinars/abstract17268.html</link>
    <description>Do you know how to prevent the loss of your company's confidential data? Attend this webcast and learn how Data Loss Prevention (DLP) solutions enable business and government organizations to safeguard their most valuable assets -- intellectual property, customer data, and other sensitive information. Understand why DLP is a top 3 priority for CIOs in 2008, realize the importance of DLP to demonstrate compliance, reduce risk, safeguard brand and reputation, and hear real-life customer use cases.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Webinars/abstract17268.html</guid>
  </item>
  <item>
    <title>Peter Spier of Fortrex Has Been Elected President of the ISACA Western New York Chapter</title>
    <pubDate>Wed, 11 Mar 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract17190.html</link>
    <description>Fortrex Technologies (www.fortrex.com) is proud to announce that Senior Risk Management Consultant, Peter Spier, has been elected President of the ISACA Western New York Chapter (046) and Chairman of its Program Committee.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract17190.html</guid>
  </item>
  <item>
    <title>Recession fails to dent security spending</title>
    <pubDate>Sat, 08 Nov 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract15679.html</link>
    <description>The economic downturn is unlikely to affect investment in information security, according to the 2008 Global Information Security Survey by consultancy Ernst &amp; Young released today. The report predicted that, while IT is traditionally one of the first functions to see budget cuts, this is not the case with information security. Only five per cent of respondents intend to reduce annual IT security spending, while 50 per cent plan to increase investment in this area as a percentage of total expenditure. However, to make the most of their investments in security, companies are advised to establish a clear information security strategy and an integrated risk management approach.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract15679.html</guid>
  </item>
  <item>
    <title>Tufin Technologies Intros SecureTrack 4.4 with Fortinet Support</title>
    <pubDate>Sat, 08 Nov 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract15678.html</link>
    <description>Tufin Technologies, an Israel-based provider of security lifecycle management solutions, reportedly has released SecureTrack 4.4, the latest version of its flagship product. The new version will provide support and interoperability with Fortinet's unified threat management systems, which are used by enterprises and managed security service providers, Tufin officials said. According to Shaul Efraim, vice president of products, marketing and business development for Tufin, SecureTrack's support for the FortiGate line of UTM systems underscores the company's commitment to providing broad support for enterprise and service provider customers.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract15678.html</guid>
  </item>
  <item>
    <title>Opinion: Top 5 mistakes of privacy awareness programs</title>
    <pubDate>Tue, 04 Nov 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/abstract15597.html</link>
    <description>HIPAA requires it. The Payment Card Industry Data Security Standard requires it. The ISO 27001 standard requires it. In fact, every regulation that mandates that reasonable measures be taken to protect information implicitly requires that companies maintain a program to regularly inform employees on what those measures are. How are companies doing at meeting this requirement? In a poll two years ago of members of the International Association of Privacy Professionals, three quarters of respondents said their companies do some form of internal privacy training. This is a good number. But if you peel back the cover, you'll find that what training means varies widely.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/abstract15597.html</guid>
  </item>
  <item>
    <title>New book: &quot;Information Security Law: The Emerging Standard for Corporate Compliance&quot;</title>
    <pubDate>Thu, 02 Oct 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract15286.html</link>
    <description>Thomas J. Smedinghoff's</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract15286.html</guid>
  </item>
  <item>
    <title>Cisco WebEx updates security standards across its collaboration suite</title>
    <pubDate>Sat, 13 Sep 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract15080.html</link>
    <description>Leading web collaboration expert Cisco WebEx announced today that it has updated its auditing, reporting and certification processes to meet the internationally accepted ISO-17799 standards. Users of Cisco WebEx's collaborative services rely on the company's MediaTone Network to share confidential information, so maintaining its security is a fundamental requirement. Cisco WebEx will now audit against the ISO-17799 standards, with compliance details provided in a stringent SAS-70 Type II report. This review measures security against ISO control objectives, providing more transparency than a Type I report. Cisco WebEx's decision means that the company will no longer pursue the North American-centric WebTrust certification.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract15080.html</guid>
  </item>
  <item>
    <title>Identity crisis</title>
    <pubDate>Mon, 08 Sep 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract15024.html</link>
    <description>As IT security breaches continue to make headlines, Ian Campbell explores the reasons why organisations are seemingly unable to manage their data properly. Many more voices must be joining in with the mantra that says technology can only do so much for IT security after the events of the last month. No firewall in the world will compensate for management negligence and an inability to observe basic principles of data protection. There has been a long litany of failure in a short space of time. At the start of August, 11 people were found guilty of the biggest credit card fraud in history. TJX, the parent company of TK Maxx, and a number of other US retailers managed to lose 40 million credit card details to a sustained hack attack of modest sophistication. Closer to home, a number of retailers in Galway had their card-payment machines skimmed and 20,000 names and personal details were stolen.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract15024.html</guid>
  </item>
  <item>
    <title>Effective Security with a Continuous Approach to ISO 27001 Compliance</title>
    <pubDate>Fri, 11 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract14456.html</link>
    <description>The ISO 27001 standard is primarily referred to as the Information Security Management System (ISMS) certification standard. Organizations that seek to implement an ISMS are examined against ISO 27001. As with several global standards, the scope of this standard is far reaching, with several sets of control objectives and guidelines. Its fundamental purpose is to act as a compendium of techniques for securing IT environments and thus effectively managing business risk as well as demonstrating regulatory compliance. ISO 27001 is recognized internationally as a structured methodology for information security. Companies that choose to adopt ISO 27001 demonstrate their commitment to high levels of information security, however it does not mandate specific procedures nor define the implementation techniques for gaining certification. Thus, companies being audited for ISO 27001 compliance deal with the same issues that plague companies facing regulatory audits: how to effectively achieve com</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract14456.html</guid>
  </item>
  <item>
    <title>Compliance is key to safe storage of information</title>
    <pubDate>Fri, 27 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract14250.html</link>
    <description>COMPLIANCE has become the key to managing and storing information. Looking at the UK and international business markets we see governing bodies around the world driving legislation which enables them to audit companies to ensure information is available and original. Governing bodies which are high on the list include: Financial Services Authority (FSA), US Security Commissions (SEC), Sarbanes-Oxley, Basel II, The Data Protection Act and BSI (ISO) 5000:2002, 7799. In any organisation there are three principal areas which need to interact effectively to ensure business success. They are people, processes and technology. This has never been truer than in the area of data compliance. Ever increasing regulation requires people to understand how best to satisfy customers at the same time complying with external rules and laws. It also requires efficient use of process to ensure compliance and effective use of technology to manage the data in a compliant way.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract14250.html</guid>
  </item>
  <item>
    <title>Vendors respond to 7 dirty secrets of the security industry</title>
    <pubDate>Mon, 19 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract13694.html</link>
    <description>Recently during a talk at Interop, Joshua Corman, security strategist for IBM/ISS, offered up 7 dirty secrets</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract13694.html</guid>
  </item>
  <item>
    <title>Peace of mind about data safety is phone call away</title>
    <pubDate>Thu, 01 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract13647.html</link>
    <description>THERE are a number of emerging issues that modern organisations are facing increasingly frequently. It is important that business decision makers are aware of these so they can be prepared to deal with them. Data including work documents, databases and email are imperative for the day-to-day running of any organisation. However, as applications become more sophisticated, the volume of data continues to grow. Add to this legal requirements, such as the necessity to retain your data, and the need for extensive and reliable storage methods is of paramount importance. Off-site hosting and remote data back-up has become essential to cater for this exponential growth of data. Companies should recognise that by backing up their data with automated remote methods using private networks or even the internet, they can overcome many problems associated with traditional techniques. Also, if this data is stored in a secure, ISO 27001-accredited offsite location, they will be relieved of the burden </description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract13647.html</guid>
  </item>
  <item>
    <title>New Standard on Fraud</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract13468.html</link>
    <description>Due to an unrelenting rise in the many different types of fraud, Infogov is to supply its Proteus Enterprise governance, risk and compliance solution as the underpinning technology for the BSI's forthcoming standard on fraud prevention and detection. The first development meeting for the standard, to be issued initially as a publicly accessible specification (PAS 8000) in August 2008 was held on January 22nd. This meeting was very well represented. Sponsored by Telsecure via the BSI, those attending were the Anti-Money Laundering Professionals Forum, Barclaycard, Citibank, City of London Police, Credit Industry Fraud Avoidance Scheme, Financial Services Authority, Fraud Advisory Panel, Home Retail Group, London Fraud Forum, National Fraud Strategic Authority, Nottingham Trent University, Security Watchdog, Telecommunications UK Fraud Forum, University of Cardiff, Vodafone and of course InfoGov. In Proteus Enterprise, InfoGov's software solution provides such essential capability </description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/ISO-27002-(17799)/Articles/abstract13468.html</guid>
  </item>
</channel>
</rss>
