<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!-- SwishCommand noindex -->
<rss version="2.0">
<channel>
  <title>ComplianceHome: ALL White Papers</title>
  <link>http://www.compliancehome.com/</link>
  <description>ComplianceHome is one of the Web's largest libraries of resources for compliance management of HIPAA, SOX, FISMA, GLBA, FDA, COOP &amp; COG, FFIEC, Basel II, OSHA and ISO 27002/17799. Visit our directories, which are the best source for white papers, related news articles, resources on the web, training, webinars, conferences, rules &amp; regulation overview, ask the expert, job and search on vendors, solutions &amp; products.</description>
<image>
  <url>http://www.compliancehome.com/images/rsslogo.gif</url>
  <title>ComplianceHome</title>
  <link>http://www.compliancehome.com/</link>
</image>
  <language>en-us</language>
  <item>
    <title>Five Business Strategies to Reduce the High Cost of Online Consumer Authentication</title>
    <pubDate>Thu, 17 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FFIEC/abstract10970.html</link>
    <description>Security is good for your customers - and that's good for your business. When you increase security of your online applications, you boost consumer confidence, loyalty, and sales. You also position your company to comply with current and emerging government regulations. A new white paper from VeriSign spells out five cost-effective strategies for developing, implementing, and maintaining state-of-the-art two-factor authentication. The paper, VeriSign Identity Protection (VIP) Services: Five Business Strategies to Reduce the High Cost of Online Consumer Authentication, presents different approaches to help you choose the most appropriate options for meeting your online security needs. Find out how to:     * Improve security to differentiate your brand     * Match your security level to the value of customers' online transactions     * Consider participating in an authentication network     * Choose a solution that enables interoperability - across customers, sites, and networks -regard</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FFIEC/abstract10970.html</guid>
  </item>
  <item>
    <title>Identity Risk - Are Insiders Threatening Your Compliance Efforts?</title>
    <pubDate>Thu, 17 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10969.html</link>
    <description>It's not difficult to understand that a reasonable amount of identity risk is appropriate and necessary in every business, regardless of how many users or sensitive information systems comprise an organization. The key is how well companies manage these risks by implementing strong and consistent controls over who has access to critical applications and data - and what they do with it. Savvy companies will seek a cross-disciplinary management approach that involves business, IT and audit groups in the definition of common goals and compliance metrics, leveraging risk-based analytics and a centralized view of identity data to proactively prevent, detect and correct identity risks.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10969.html</guid>
  </item>
  <item>
    <title>Online Transactions: A Guide to Protecting Consumers</title>
    <pubDate>Thu, 17 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FFIEC/abstract10968.html</link>
    <description>Read this white paper to learn about: *Insight on two-factor authentication credentials to help you decide on the best choice for your customer-base. *Fortune 500 companies are increasingly discovering that stronger authentication options can result in decreased fraud costs, improved customer loyalty, a competitive advantage, and ultimately, higher top-line revenue potentials. *Insight on identity protection, authentication, and fraud detection services that enable enterprises to offer a more secure online experience with minimal consumer disruption.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FFIEC/abstract10968.html</guid>
  </item>
  <item>
    <title>Enhanced Messaging Security: Slicing Spam and Other Threats At The Network Edge</title>
    <pubDate>Mon, 14 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract10967.html</link>
    <description>The volume and sophistication of attacks that threaten business email networks and systems are growing at exponential rates. This growth curve poses significant problems for IT and security groups trying to manage these threats. In this white paper, you'll learn about: * The current types of email threats * Why the exponential growth in email volume poses significant challenges for the corporate network infrastructure * How adding a messaging security layer at the network edge addresses these challenges, and significantly scales and strengthens an overall messaging security solution.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract10967.html</guid>
  </item>
  <item>
    <title>Balancing Security Against Productivity</title>
    <pubDate>Mon, 14 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract10966.html</link>
    <description>What makes for great security? Is it about keeping the bad guys out or letting the good guys in? About defending attacks or preventing them? When IDG Research Services queried IT security professionals on the topic, intriguing insight into the effectiveness of security management came to light. This CXO Media whitepaper presents these findings and reviews the delivery of effective security management using the latest technology and automation tools.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract10966.html</guid>
  </item>
  <item>
    <title>The Best PCI Audit of Your Life : Are you Ready?</title>
    <pubDate>Fri, 11 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FFIEC/abstract10965.html</link>
    <description>Two years of experience with PCI DSS (Payment Card Industry Data Security Standard) shows that companies are relying upon the same broken compliance strategy where too much money is spent, too little ROI is achieved, and even less effective security is gained. PCI compliance should not be treated as a single discrete effort. This myopic view of regulatory compliance creates the situation where organizations are constantly reinventing the wheel, wasting time and effort, and ultimately blowing security budgets. This whitepaper will detail a strategy that enables companies to painlessly become audit-ready, gain PCI compliance and ultimately ensure effective security. And it will discuss Lumension's Security Suite, which maps technical controls to PCI standards and continuously monitors, assesses and reports the status of your environment, making your PCI audit the most efficient and actionable of your life.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FFIEC/abstract10965.html</guid>
  </item>
  <item>
    <title>Survey Results: Outbound Email and Data Loss Prevention in Today's Enterprise, 2008</title>
    <pubDate>Wed, 09 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/Basel-II/abstract10964.html</link>
    <description>How concerned are companies about the content of email leaving their organizations? And how do companies manage the legal and financial risks associated with outbound email? To find out, Proofpoint and Forrester Consulting (a division of leading analyst firm Forrester) conducted an online survey of technology decision makers at 424 large companies - in the US, UK, Germany, France and Australia - during March 2008. This report summarizes the findings of Proofpoint's fifth-annual email security and data loss prevention study, including surprising statistics about how large companies manage the risks associated with outbound email, blog postings, media sharing sites, social networking sites, mobile Internet-connected devices and other electronic communications streams.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/Basel-II/abstract10964.html</guid>
  </item>
  <item>
    <title>Five Business Strategies to Reduce the High Cost of Online Consumer Authentication</title>
    <pubDate>Wed, 09 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FFIEC/abstract10963.html</link>
    <description>Security is good for your customers - and that's good for your business. When you increase security of your online applications, you boost consumer confidence, loyalty, and sales. You also position your company to comply with current and emerging government regulations. A new white paper from VeriSign spells out five cost-effective strategies for developing, implementing, and maintaining state-of-the-art two-factor authentication. The paper, VeriSign Identity Protection (VIP) Services: Five Business Strategies to Reduce the High Cost of Online Consumer Authentication, presents different approaches to help you choose the most appropriate options for meeting your online security needs. Find out how to:     * Improve security to differentiate your brand     * Match your security level to the value of customers' online transactions     * Consider participating in an authentication network     * Choose a solution that enables interoperability - across customers, sites, and networks -regardl</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FFIEC/abstract10963.html</guid>
  </item>
  <item>
    <title>Security Beyond Corporate Boundaries</title>
    <pubDate>Mon, 07 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/GLBA/abstract10962.html</link>
    <description>Ironclad security has become the Holy Grail for companies looking to protect corporate and customer information at large in the modern enterprise. The move toward greater data distribution - thanks to growing globalisation and worker mobility - is taking this sensitive data well outside the corporate network and creating new vulnerabilities in the process. As corporate data becomes increasingly difficult to protect, security takes top priority for most IT organisations. However, deploying the latest firewall, antivirus or encryption tool can't ward off today's sophisticated intruders. Not just hackers, but organised crime, dishonest insiders and unfortunate mistakes are easily finding their way past these deterrents, especially when critical data lies outside of IT control. What's more, keeping on top of the threat is stretching IT resources to their limits. Traditional security controls, which demand constant and immediate updates and attention, are just not enough. A new worm attack,</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/GLBA/abstract10962.html</guid>
  </item>
  <item>
    <title>Accelerating Enterprise Data Governance Part 1</title>
    <pubDate>Mon, 07 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract10961.html</link>
    <description>Mike Ferguson of Intelligent Business Strategies defines what data governance is and then looks at the requirements that need to be met for full data governance to be implemented. He also discusses how to systematically build re-usable data services to automate the tasks needed to formally govern data on an enterprisewide basis in order to accelerate the time to production and guarantee rock-solid data.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract10961.html</guid>
  </item>
  <item>
    <title>Strategic Alignment of IT &amp; Security - Yield Compliance by Default</title>
    <pubDate>Mon, 07 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/Basel-II/abstract10960.html</link>
    <description>This paper provides forward looking thought leadership and recommendations on strategic, operational and tactical activities to help you properly align the people, processes and technology infrastructure to work in harmony and create a cost effective and continuous risk management culture throughout the enterprise.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/Basel-II/abstract10960.html</guid>
  </item>
  <item>
    <title>Strategic Alignment of IT &amp; Security - Yield Compliance by Default</title>
    <pubDate>Mon, 07 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/GLBA/abstract10960.html</link>
    <description>This paper provides forward looking thought leadership and recommendations on strategic, operational and tactical activities to help you properly align the people, processes and technology infrastructure to work in harmony and create a cost effective and continuous risk management culture throughout the enterprise.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/GLBA/abstract10960.html</guid>
  </item>
  <item>
    <title>Strategic Alignment of IT &amp; Security - Yield Compliance by Default</title>
    <pubDate>Mon, 07 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10960.html</link>
    <description>This paper provides forward looking thought leadership and recommendations on strategic, operational and tactical activities to help you properly align the people, processes and technology infrastructure to work in harmony and create a cost effective and continuous risk management culture throughout the enterprise.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10960.html</guid>
  </item>
  <item>
    <title>Strategic Alignment of IT &amp; Security - Yield Compliance by Default</title>
    <pubDate>Mon, 07 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10960.html</link>
    <description>This paper provides forward looking thought leadership and recommendations on strategic, operational and tactical activities to help you properly align the people, processes and technology infrastructure to work in harmony and create a cost effective and continuous risk management culture throughout the enterprise.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10960.html</guid>
  </item>
  <item>
    <title>Strategic Alignment of IT &amp; Security - Yield Compliance by Default</title>
    <pubDate>Mon, 07 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract10960.html</link>
    <description>This paper provides forward looking thought leadership and recommendations on strategic, operational and tactical activities to help you properly align the people, processes and technology infrastructure to work in harmony and create a cost effective and continuous risk management culture throughout the enterprise.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract10960.html</guid>
  </item>
  <item>
    <title>Storage vs Retention Management</title>
    <pubDate>Mon, 07 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10959.html</link>
    <description>There is much confusion in the marketplace over the definition of email storage management. Many vendors and customers are under the wrong impression that storage management and retention management are the same. This document explores the differences between the two terms in relation to regulations and compliance.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10959.html</guid>
  </item>
  <item>
    <title>Top 10 Concerns: Legacy Archiving Solutions</title>
    <pubDate>Mon, 07 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract10958.html</link>
    <description>Today, the email archiving marketplace is in the throes of a convergence, but the original requirements are so different that legacy archiving solutions designed for one specific market need have not been able to seamlessly extend their primary functionality to cover the other areas. In addition to the change from archiving some to archiving all email, corporations now need additional features that weren't part of original archiving requirements, such as audit trails, search and retrieval, pre- and post-review of emails, and extensive corporate retention and management policies. Worse yet, when archiving demands increase exponentially from archiving under 1,000 mailboxes to over 5,000 or 10,000, legacy archiving solutions simply cannot scale to handle those volumes for compliance, legal discovery, or mailbox management, let alone a combination of the three. ZL Technologies, Inc. conducted this survey to determine exactly what is causing the most headaches among corporations that de</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract10958.html</guid>
  </item>
  <item>
    <title>Email Archiving: Data Capture Methods</title>
    <pubDate>Mon, 07 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract10957.html</link>
    <description>Several data capture methods have been used to ingest email from mail servers, each with differing advantages and disadvantages. Some methods are useful in small environments but quickly become problematic when large email volumes are encountered. Others are useful only for specific mail servers. Leading email archival applications will utilize multiple methods to support different mail servers and leverage rich archival features for specific mail servers to achieve full data capture and ensure scalability. This document describes the various methods used for data capture and the associated advantages and disadvantages. The methods include: * Full MAPI * Exchange Transaction Log * SMTP Gateway Capture * Pull Journaling * Push Journaling</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract10957.html</guid>
  </item>
  <item>
    <title>Most Commonly Asked Chief Compliance Officer (CCO) Questions</title>
    <pubDate>Mon, 07 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract10956.html</link>
    <description>This document outlines the most commonly asked CCO questions and issues, and the responses to them, as compiled by ZL Technologies, after three years of feedback and insight in the email archival space. The data was collected from over 500 companies in regulated industries, including financial and healthcare. Additional information was also gleaned from compliance officers and SEC personnel at various compliance conferences.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract10956.html</guid>
  </item>
  <item>
    <title>GRID &amp; Scalability</title>
    <pubDate>Mon, 07 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10955.html</link>
    <description>Today's market is filled with a variety of email compliance, archival, storage management, knowledge management, and retention management solutions, some old, some new. All claim a wide range of functionality for email, instant messaging, Bloomberg, files, and other data. However, to be a successful enterprise email management solution in today's market, a solution must not only claim comprehensive capabilities but also deliver on several key criteria: Scalability, Flexibility, and Integration. This document provides a definition and overview of the first and most difficult of those three criteria, Scalability.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10955.html</guid>
  </item>
  <item>
    <title>GRID &amp; Scalability</title>
    <pubDate>Mon, 07 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/COOP-and-COG/abstract10955.html</link>
    <description>Today's market is filled with a variety of email compliance, archival, storage management, knowledge management, and retention management solutions, some old, some new. All claim a wide range of functionality for email, instant messaging, Bloomberg, files, and other data. However, to be a successful enterprise email management solution in today's market, a solution must not only claim comprehensive capabilities but also deliver on several key criteria: Scalability, Flexibility, and Integration. This document provides a definition and overview of the first and most difficult of those three criteria, Scalability.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/COOP-and-COG/abstract10955.html</guid>
  </item>
  <item>
    <title>Why Compliance Pays: Reputation and Revenues at Risk</title>
    <pubDate>Mon, 07 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10949.html</link>
    <description>Based on what is working among organizations with the fewest data losses, the IT Policy Compliance Group report identifies several practices that can assist businesses with improving IT compliance results, reducing business downtime, and reducing data loss and theft. These steps include: * Implementing more and appropriate IT controls * Reducing control objectives, making it easier to communicate, measure and report * Establishing higher standards for performance objectives * Encouraging a culture of operational excellence in IT * Conducting monitoring, measurement and reporting of controls against objectives at least once every two weeks * Allocating more spend to controls automation</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10949.html</guid>
  </item>
  <item>
    <title>2008 Data Breach Investigations Report</title>
    <pubDate>Wed, 02 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FFIEC/abstract10954.html</link>
    <description>Data breaches. You've gleaned all you can from the headlines; now you have access to information directly from the investigator's casebook. The 2008 Data Breach Investigations Report draws from over 500 forensic engagements handled by the Verizon Business Investigative Response team over a four-year period. Tens of thousands of data points weave together the stories and statistics from compromise victims around the world. What valuable insights can your organization learn from them?</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FFIEC/abstract10954.html</guid>
  </item>
  <item>
    <title>Sustaining SOX Compliance: Best Practices to Mitigate Risk, Automate Compliance, and Reduce Costs</title>
    <pubDate>Wed, 02 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10953.html</link>
    <description>To successfully sustain SOX compliance, organizations must implement best practices to ensure IT systems not only achieve a known and trusted state but they also maintain that state. Management must be more accountable and aware of the need for a continuous and proactive operational risk management environment that recognizes the links between its technology infrastructure, business processes, reputation, compliance, and internal controls. It is vital that Tripwire configuration audit and control solutions are used as an integral element of sustained compliance initiatives.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10953.html</guid>
  </item>
  <item>
    <title>Effective Security with a Continuous Approach to ISO 27001 Compliance</title>
    <pubDate>Tue, 01 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10952.html</link>
    <description>The ISO 27001 standard was published in October 2005 as a replacement to the BS7799-2 standard. It is primarily referred to as the Information Security Management System (ISMS) certification standard. Organizations that seek to implement an ISMS are examined against ISO 27001. The objective of this standard is to As with several global standards, the scope of this standard is far reaching, with several sets of control objectives and guidelines. Its fundamental purpose is to act as a compendium of techniques for securing IT environments and thus effectively managing business risk as well as demonstrating regulatory compliance. ISO 27001 is recognized internationally as a structured methodology for information security. A widely-held opinion is that ISO 27001 is an umbrella over other standards (such as PCI, SOX, GLBA, HIPAA and COBIT). Companies that choose to adopt ISO 27001 demonstrate their commitment to high levels of information security, as there are 11 major contro</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10952.html</guid>
  </item>
  <item>
    <title>Identity and Security Management and Strong Information Technology Governance</title>
    <pubDate>Mon, 30 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/Basel-II/abstract10951.html</link>
    <description>This IDC White Paper examines Novell's identity and security management (ISM) solutions and how these integrated offerings can play a key role in enforcing security compliance for enterprise organizations. When properly implemented and deployed, these solutions help companies to: *Avoid violations of government and industry regulations *Avoid the leakage of intellectual property *Drive down the cost of compliance through integration, consolidation, and automation</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/Basel-II/abstract10951.html</guid>
  </item>
  <item>
    <title>Pilgrim Software's Position Regarding 21 CFR Part 11 Requirements</title>
    <pubDate>Fri, 27 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FDA/abstract10948.html</link>
    <description>CFR Part 11 of title 21 of the Code of Federal Regulations; Electronic Records; Electronic Signatures sets forth the requirements for the creation, modification, maintenance, archival, retrieval, and transmittal of electronic records and also the use of electronic signatures when complying with the Federal Food, Drug and Cosmetic Act or any other Food and Drug Administration (FDA) regulation. These rulings became law in March 1997. Since that time, both industry and the FDA have been working to interpret the meaning and intent of Part 11. The FDA has created several documents with the assistance of industry representatives, to offer guidance in interpretation of the requirements. Even with these efforts, the requirements are still somewhat of a moving target. Pilgrim Software is continuously monitoring the opinions of the FDA to ensure continued compliance with the requirements.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FDA/abstract10948.html</guid>
  </item>
  <item>
    <title>How to keep spam off your network</title>
    <pubDate>Thu, 26 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10947.html</link>
    <description>The General Services Administration (GSA) has awarded a supply contract to Industrial Safety Solutions for their SafetyPro line of industrial labeling equipment and supplies. This new federal contract will give government and military agencies better access to compliance and safety labeling, which have been proven to reduce accident injuries in the workplace. Safety labeling is required by regulatory agencies such as OSHA, and is viewed as a top priority in mitigating occupational hazards. It is estimated that as many as 70% of all worksites, including government operated worksites, have insufficient or outdated visual hazard identification.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10947.html</guid>
  </item>
  <item>
    <title>Realigning the Trade-offs between Stringent Controls, Efficiency &amp; Business Risk</title>
    <pubDate>Mon, 23 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10946.html</link>
    <description>Alfred Sloan, the legendary former CEO of General Motors, popularized financial controls for corporate governance, but financial controls have never before received as much widespread attention as they do today. Thanks to the Sarbanes-Oxley Act of 2002, enterprises must devote significant resources to applying Sloan's basic principles in today's e-business world. As businesses seek to implement, document, monitor, and report on the effectiveness of their financial controls for Sarbanes-Oxley compliance, they are also readdressing issues that first rose with Sloan's model for financial controls - how should businesses balance the tradeoffs between stringent controls, operational efficiency, and acceptable business risk?</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10946.html</guid>
  </item>
  <item>
    <title>Taxonomy of Inside Threats</title>
    <pubDate>Mon, 23 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/Basel-II/abstract10945.html</link>
    <description>After fortifying their networks' perimeters against the external threats from mysterious computer hackers, enterprises are now focusing their attention on eliminating the recognized inside threats of systems-based fraud, misuse, and errors. Every organization faces the risk of technically capable, application-facing employees and insiders who exercise their knowledge of system rules and procedures to</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/Basel-II/abstract10945.html</guid>
  </item>
  <item>
    <title>Survey Results: Outbound Email and Data Loss Prevention in Today's Enterprise, 2008</title>
    <pubDate>Mon, 23 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/GLBA/abstract10944.html</link>
    <description>How concerned are companies about the content of email leaving their organizations? And how do companies manage the legal and financial risks associated with outbound email? To find out, Proofpoint and Forrester Consulting (a division of leading analyst firm Forrester) conducted an online survey of technology decision makers at 424 large companies - in the US, UK, Germany, France and Australia - during March 2008. This report summarizes the findings of Proofpoint's fifth-annual email security and data loss prevention study, including surprising statistics about how large companies manage the risks associated with outbound email, blog postings, media sharing sites, social networking sites, mobile Internet-connected devices and other electronic communications streams.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/GLBA/abstract10944.html</guid>
  </item>
  <item>
    <title>Disaster Recovery: Not Just Planning for the Worst</title>
    <pubDate>Mon, 23 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/Basel-II/abstract10943.html</link>
    <description>This paper describes how businesses can use F5 Networks BIG-IP Global Traffic Manager to leverage all the benefits of their secondary site in an active-active configuration to holistically manage their applications across multiple sites. This paper also describes how you can use BIG-IP Link Controller to maintain ISP link connectivity and WANJet to accelerate site-to-site data replication across the WAN.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/Basel-II/abstract10943.html</guid>
  </item>
  <item>
    <title>Effective Disaster Recovery Planning Using F5 Application Acceleration</title>
    <pubDate>Mon, 23 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10942.html</link>
    <description>This paper addresses the increased performance needs of a disaster recovery plan, and the common barriers to achieving success. It also addresses the performance gains that can be achieved by combining an F5 WANJet application acceleration solution with Double-Take replication solutions from Double-Take Software.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10942.html</guid>
  </item>
  <item>
    <title>It's a matter of trust</title>
    <pubDate>Mon, 23 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FFIEC/abstract10941.html</link>
    <description>Protecting its clients and their assets is a huge responsibility - one that Charles Schwab takes very seriously. The company upholds that commitment by making security and privacy a cornerstone of its business philosophy, and more importantly putting its money where its mouth is by investing heavily in addressing evolving online security-related needs. Its latest investment: a new class of authentication, the Extended Validation SSL Certificate, which allows online customers to see, at a glance, if the site they are visiting is one they consider trustworthy - or a fraud masquerading as a legitimate site. Schwab's commitment to information security speaks directly to the biggest issue that every financial services organization faces: Trust. Whether actually a victim, most individuals see themselves as potential prey to any number of electronic crimes, from an account take-over to credit card fraud or identity theft. "Who could really blame them?" asks Mick Kless, Vice President of Professional S</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FFIEC/abstract10941.html</guid>
  </item>
  <item>
    <title>Getting the Message</title>
    <pubDate>Wed, 18 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/ISO-27002-(17799)/abstract10940.html</link>
    <description>Electronic messaging applications are mission-critical for most enterprises, yet securing them from threats and managing them to meet regulatory and compliance requirements have never been more challenging. Microsoft Exchange Hosted Services offers enterprise-class, affordable services that can protect the messaging infrastructure, simplify email management, and reduce risk.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/ISO-27002-(17799)/abstract10940.html</guid>
  </item>
  <item>
    <title>What is the (Real) Threat and How to Deal With It? A Route to Security as a Service</title>
    <pubDate>Mon, 16 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10939.html</link>
    <description>In Europe, the level of awareness of I threats is generally very good. Most organisations know how to deal with viruses, spam, key-logging and other Internet threats. IDC believes that the vast majority of organisations are using, at the very least, antivirus or antispam tools plus additional security features such as VPNs for remote connection backup and recovery for business continuity. However, this provides just basic protection and covers just half the danger. Threats today are agile, silent and very efficient, especially if organisations do not fully understand where the real threat lies. A single question that can help present the current situation is why have there been so few reports of widespread viruses over the past 12 months? Antivirus systems are certainly now quite effective, and the responsiveness and agility of detection systems reacting to large waves of self-reproductive viruses also improved. Furthermore, with the exception of poor security tools management, such as out of date</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10939.html</guid>
  </item>
  <item>
    <title>Meeting the Challenges of Roles-based Access Governance</title>
    <pubDate>Mon, 16 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/Basel-II/abstract10938.html</link>
    <description>One of the biggest challenges in managing financial service organizations is the complexity of controlling user access to information resources. Some of these organizations have attempted to implement roles-based systems to address these challenges, but real-world experience has shown that unless roles fit into a context that ties together existing entitlements, company policies, regulatory requirements, and current business process realities, they simply don't work. Without this context, the result is a system that can't meet the demands of federal regulations such as the Sarbanes-Oxley Act (SOX) and Gramm-Leach-Bliley (GLB) Act in the U.S. or satisfy global measures such as Basel II/Solvency II capital-adequacy requirements and privacy regulations such as PCI, PIPEDA, CA SB 1386 and EU Data Directive. This paper describes a new roles-based model of access governance that overcomes the challenges companies have faced in the past and enables financial organizations to: *Deploy a policy</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/Basel-II/abstract10938.html</guid>
  </item>
  <item>
    <title>Redspin Security Report: Top 10 Network Security Threats of 2008 - Q2 Update</title>
    <pubDate>Mon, 16 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FFIEC/abstract10937.html</link>
    <description>Understanding the trends and patterns of the past is the key to understanding the future, and security is no exception. The following security threat trends for 2008 have been assembled as a result of their frequency during security audits performed last year. These common and fundamental security issues typically arise from the same categorical underlying cause. Most organizations have had enough compliance audits and possess enough intuition of best practices to understand that security controls are necessary to mitigate risk. However, there continues to be significant discrepancy between what management believes the controls are doing and what the controls are -- in fact -- actually doing from a security standpoint. In short, controls have been deployed, but are not configured adequately, and just the mere existence of a control does not imply that the control is functioning adequately. Extremely subtle configuration problems can create critical risk on your network. The commonly hel</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FFIEC/abstract10937.html</guid>
  </item>
  <item>
    <title>SAS70 Audits - Combining information technology standards to strengthen network security</title>
    <pubDate>Mon, 16 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10935.html</link>
    <description>This paper discusses SAS70 audits and ISO certifications. To strengthen network security within your company, consider implementing combined standards of COBIT and ISO.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10935.html</guid>
  </item>
  <item>
    <title>Fraud in a Post Sarbanes-Oxley World: Five Critical Steps to Seal the Gaps</title>
    <pubDate>Mon, 16 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10934.html</link>
    <description>As the economy weakens, Internal Audit Directors, Audit Committee Members, Corporate Executives and General Counsel need to identify and address additional risks. Specifically, as basic necessities such as gas and food become increasingly more expensive, there is additional pressure on employees to misappropriate company assets and cash. If an employee is faced with a possible home foreclosure, corporate ethics and employee loyalty may become very unimportant. The bottom line is that when food and shelter are threatened, employees may not have to mentally leap very far to rationalize taking company assets and cash. Sarbanes-Oxley (SOX) compliant organizations might be tempted to believe that their compliance efforts will adequately protect them from the increased risks presented by the current economic environment. While Sarbanes-Oxley has helped organizations reduce occupational fraud some, this white paper will demonstrate that there are still great opportunities for improvement. In</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10934.html</guid>
  </item>
  <item>
    <title>What? My Firewall Is Obsolete!? 3 Must-Haves for a Web 2.0 World</title>
    <pubDate>Wed, 11 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/GLBA/abstract10933.html</link>
    <description>With Web 2.0 threats rendering today's most popular firewall technology basically obsolete, firewalls need to step up and tackle their task to protect public-facing assets like web applications. No longer are Web sites attacked only for the purposes of defacing the site to gain credibility among hacking peers; today it's about the money to be made for the bad guys in the distribution of malware and spam, and firewalls must be up to the challenge. Regulations like PCI DSS, the OWASP list of web application vulnerabilities and a recent study by Google confirm the need for web application security.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/GLBA/abstract10933.html</guid>
  </item>
  <item>
    <title>A New Approach to Defeating Spam</title>
    <pubDate>Wed, 11 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10932.html</link>
    <description>Junk postal mail is a nuisance for those who receive it, but it is limited by two important economic factors: a) junk mail costs something to produce and, as a result, b) senders of junk mail must achieve acceptable content-to-customer conversion rates in order to make the sending of their information economically worthwhile. The electronic equivalent of junk postal mail - spam - however, operates under no such economic constraints. Hundreds of millions of spam messages can be sent for a minimum investment and conversion rates can be extraordinarily low for spammers to turn a sizable profit. In fact, spammers can also</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10932.html</guid>
  </item>
  <item>
    <title>Attachment spam - the latest trend</title>
    <pubDate>Wed, 11 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FFIEC/abstract10931.html</link>
    <description>This white paper explains what makes spam such an unbearable problem and how spamming tactics are evolving daily to beat anti-spam software. In the space of two months, spammers have switched from image spam to using PDF, Excel and ZIP file attachments. By using these attachments to send images instead of embedding them in the body of the email message, spammers have taken the cat-and-mouse game with anti-spam software developers to a new level.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FFIEC/abstract10931.html</guid>
  </item>
  <item>
    <title>Attachment spam - the latest trend</title>
    <pubDate>Wed, 11 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/Basel-II/abstract10931.html</link>
    <description>This white paper explains what makes spam such an unbearable problem and how spamming tactics are evolving daily to beat anti-spam software. In the space of two months, spammers have switched from image spam to using PDF, Excel and ZIP file attachments. By using these attachments to send images instead of embedding them in the body of the email message, spammers have taken the cat-and-mouse game with anti-spam software developers to a new level.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/Basel-II/abstract10931.html</guid>
  </item>
  <item>
    <title>Attachment spam - the latest trend</title>
    <pubDate>Wed, 11 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract10931.html</link>
    <description>This white paper explains what makes spam such an unbearable problem and how spamming tactics are evolving daily to beat anti-spam software. In the space of two months, spammers have switched from image spam to using PDF, Excel and ZIP file attachments. By using these attachments to send images instead of embedding them in the body of the email message, spammers have taken the cat-and-mouse game with anti-spam software developers to a new level.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract10931.html</guid>
  </item>
  <item>
    <title>Attachment spam - the latest trend</title>
    <pubDate>Wed, 11 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/GLBA/abstract10931.html</link>
    <description>This white paper explains what makes spam such an unbearable problem and how spamming tactics are evolving daily to beat anti-spam software. In the space of two months, spammers have switched from image spam to using PDF, Excel and ZIP file attachments. By using these attachments to send images instead of embedding them in the body of the email message, spammers have taken the cat-and-mouse game with anti-spam software developers to a new level.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/GLBA/abstract10931.html</guid>
  </item>
  <item>
    <title>Attachment spam - the latest trend</title>
    <pubDate>Wed, 11 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10931.html</link>
    <description>This white paper explains what makes spam such an unbearable problem and how spamming tactics are evolving daily to beat anti-spam software. In the space of two months, spammers have switched from image spam to using PDF, Excel and ZIP file attachments. By using these attachments to send images instead of embedding them in the body of the email message, spammers have taken the cat-and-mouse game with anti-spam software developers to a new level.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10931.html</guid>
  </item>
  <item>
    <title>Attachment spam - the latest trend</title>
    <pubDate>Wed, 11 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10931.html</link>
    <description>This white paper explains what makes spam such an unbearable problem and how spamming tactics are evolving daily to beat anti-spam software. In the space of two months, spammers have switched from image spam to using PDF, Excel and ZIP file attachments. By using these attachments to send images instead of embedding them in the body of the email message, spammers have taken the cat-and-mouse game with anti-spam software developers to a new level.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10931.html</guid>
  </item>
  <item>
    <title>PCI DSS made easy</title>
    <pubDate>Wed, 11 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FFIEC/abstract10930.html</link>
    <description>Major credit card companies are pushing hard to stop the financial fraud incidents that have affected numerous organizations and their consumers. Consequently, organizations that accept payment card transactions are duly bound to comply with PCI DSS by end of 2007. Organizations that fail to comply risk not being allowed to handle cardholder data and fines of up to $500,000 if the data is lost or stolen. This white paper examines the necessary requirements to adhere to PCI DSS, the implications of non-compliance as well as how effective event log management and network vulnerability management play a key role in achieving compliance.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FFIEC/abstract10930.html</guid>
  </item>
  <item>
    <title>Fulfilling the Promise of Healthcare's Digital Revolution</title>
    <pubDate>Mon, 09 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract10929.html</link>
    <description>The digital age in healthcare is unfolding with the promise of dramatically improving patient care. Through the use of advanced medical technologies - such as diagnostic imaging and electronic record keeping - providers can offer better and faster diagnoses, reduce errors and protect vital information. But the promise of this new age is tempered by significant challenges for the IT infrastructure, particularly the data storage and retrieval systems that stand at the heart of the evolution. Digital imagery requires enormous amounts of storage, and demand for this exciting diagnostic tool continues to skyrocket. Medical practitioners need access to this data quickly and reliably in order to make accurate, timely diagnoses. And increasingly, a new legal and regulatory environment has evolved, calling for longer retention of and better security over these ever-increasing amounts of patient information.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract10929.html</guid>
  </item>
</channel>
</rss>
