<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<rss version="2.0">
<channel>
  <title>ComplianceHome: ALL White Papers</title>
  <link>http://www.compliancehome.com/</link>
  <description>ComplianceHome is one of the Web's largest libraries of resources for compliance management of HIPAA, SOX, FISMA, GLBA, FDA, FFIEC, Basel II, OSHA and ISO 27002/17799. Visit our directories, which are the best source for white papers, related news articles, resources on the web, training, webinars, conferences, rules &amp; regulation overviews, ask the expert, jobs, and searches on vendors, solutions &amp; products.</description>
<image>
  <url>http://www.compliancehome.com/images/rsslogo.gif</url>
  <title>ComplianceHome</title>
  <link>http://www.compliancehome.com/</link>
</image>
  <language>en-us</language>
  <item>
    <title>Meeting FISMA Compliance With EventTracker: The Importance of Consolidation, Correlation, and Detection Enterprise Security Series</title>
    <pubDate>Thu, 18 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract11891.html</link>
    <description>The Federal Information Security Management Act of 2002 (FISMA) was passed with the purpose of improving computer and network security at government agencies and government contractors. The Act called for increased security standards and yearly audits of the systems and processes, and tasked the National Institute of Standards and Technology (NIST) to come up with a set of standards and guidelines, in effect a set of documents that provide a framework for risk management, security and compliance. The NIST approach is to have agencies and contractors adopt a risk-based approach: to independently assess systems, decide on security controls from NIST-supplied guidelines, and then authorize the use of the system, with subsequent periodic reviews and reauthorization.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract11891.html</guid>
  </item>
  <item>
    <title>The Economic Benefits of the Sarbanes-Oxley Act?: Evidence From a Natural Experiment</title>
    <pubDate>Thu, 18 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract11890.html</link>
    <description>Section 404 of the Sarbanes-Oxley Act (SOX) requires firms with a public float over $75 million during 2002-2004 to file management reports beginning in 2004, but firms with a smaller float in each of the three years do not need to comply until the end of 2007. Relative to firms that could delay compliance, mandatory filers cut CEO compensation and financial slack, increase ownership by insiders, raise payouts to shareholders, and slow investment growth. These firms experience no change in borrowing costs but enjoy access to longer-term public debt.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract11890.html</guid>
  </item>
  <item>
    <title>Qualys - Using Qualys Guard To Meet Sox Compliance &amp; IT Control Objectives</title>
    <pubDate>Thu, 18 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract11889.html</link>
    <description>Currently, there is no single standard framework that explicitly defines what your organization must do for compliance. A big challenge for IT security professionals is navigating this ambiguity and achieving the organization's compliance goals effectively and on budget. This guide covers seven typical IT security compliance errors and outlines the best practices you can immediately apply to your environment to help your company achieve compliance.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract11889.html</guid>
  </item>
  <item>
    <title>Managing Transaction Tax Audit Risk</title>
    <pubDate>Thu, 18 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract11888.html</link>
    <description>Audits are a fact of life - surveys show 90% of businesses are audited at least once per year. Even in the best economic times, businesses need to be vigilant against unnecessary costs and risks. In challenging times such as these, it's even more critical to avoid missteps, protect cash flow, and derive maximum value from people and processes. This whitepaper from Sabrix tax experts will navigate you to learn how you can protect precious cash flow by proactively addressing audit risk.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract11888.html</guid>
  </item>
  <item>
    <title>McAfee Total Protection for Secure Business</title>
    <pubDate>Thu, 18 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract11887.html</link>
    <description>Medium-size businesses are plagued by the same security risks that the largest enterprises face on a daily basis, but they typically lack the time, budget and IT resources to adequately protect themselves against all of today's sophisticated threats. The list is long and daunting: Trojans, botnets, spam, spyware, malicious web sites, data loss, and data theft. Medium businesses need to enforce acceptable use policies for email and the web, and ensure compliance with government data privacy regulations. A single hacker attack, a single misplaced laptop containing confidential data, a single infected device could cripple a medium-size business. McAfee helps keep small and medium businesses like yours protected with a smart, simple, secure solution designed for small and medium enterprise customers. McAfee Total Protection for Secure Business provides comprehensive endpoint, email, web, and data security - all in a single, integrated suite. Best of all, the suite is available from one ve</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract11887.html</guid>
  </item>
  <item>
    <title>How Can Security Management Technologies Help Me with PCI Compliance?</title>
    <pubDate>Mon, 15 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11884.html</link>
    <description>PCI Compliance has become a business requirement for any company involved in processing credit card information. It requires strong security controls over all systems and applications that process or store cardholder information. These controls serve to enforce access rights to all confidential information, and to identify and remediate areas of potential exposure of customer credit card information. PCI Compliance requires comprehensive security across a range of systems and applications. CA Security Management solutions enable you to create strong security controls to help achieve PCI compliance. Access to all cardholder information is strongly controlled and audited, applications are protected against attacks, and areas of exposure risk are detected and remediated effectively. CA Security Management is an excellent foundation for a comprehensive PCI compliance program. Read this paper to learn more.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11884.html</guid>
  </item>
  <item>
    <title>Effective Information Security: A Win-Win Proposition for the Enterprise and IT</title>
    <pubDate>Mon, 15 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract11883.html</link>
    <description>Driven by an accelerated increase in identity theft, consumer fraud, and other personal information-related thefts, industry groups and federal and state governments have taken aggressive steps to hold companies and their management accountable for confidential information disclosures. Similarly, enterprises are facing significant challenges in preventing the theft or accidental disclosure of intellectual property (IP) and corporate trade secrets. Ultimately, the challenge of establishing and implementing effective personal information and IP protection solutions falls upon the shoulders of IT management and staff. Securing personally identifiable information (PII) and IP has become a high priority for enterprise management and IT. Read this IDC paper to learn more.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract11883.html</guid>
  </item>
  <item>
    <title>Top 10 Steps to Protecting Your Organization's Privacy Data</title>
    <pubDate>Mon, 15 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract11882.html</link>
    <description>With numerous news stories detailing public data breaches that have led to sensitive data getting released on websites, stolen as part of a laptop theft, or even released accidentally over an email or instant message, organizations are increasingly under pressure to protect privacy data. Over the last few years, this challenge has been compounded by increasing compliance regulations that can mean fines or even jail time if privacy data is mishandled. In California and other states that have enacted similar laws, organizations are now forced to publicly disclose if computerized data files have been compromised by unauthorized access that might open up the risk for identity theft. Privacy data leaks can impact an organization's brand and public reputation, not to mention put its customers, employees and partners at serious risk. This white paper presents the top ten regulatory compliance requirements to consider when selecting a privacy data protection solution.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract11882.html</guid>
  </item>
  <item>
    <title>Top 10 Steps to Protecting Your Organization's Privacy Data</title>
    <pubDate>Mon, 15 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11882.html</link>
    <description>With numerous news stories detailing public data breaches that have led to sensitive data getting released on websites, stolen as part of a laptop theft, or even released accidentally over an email or instant message, organizations are increasingly under pressure to protect privacy data. Over the last few years, this challenge has been compounded by increasing compliance regulations that can mean fines or even jail time if privacy data is mishandled. In California and other states that have enacted similar laws, organizations are now forced to publicly disclose if computerized data files have been compromised by unauthorized access that might open up the risk for identity theft. Privacy data leaks can impact an organization's brand and public reputation, not to mention put its customers, employees and partners at serious risk. This white paper presents the top ten regulatory compliance requirements to consider when selecting a privacy data protection solution.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11882.html</guid>
  </item>
  <item>
    <title>Six Ways to Reduce PCI DSS Audit Scope by Tokenizing Cardholder Data</title>
    <pubDate>Tue, 09 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11878.html</link>
    <description>ABSTRACT: Enterprises are seeking ways to simplify and reduce the scope of the Payment Card Industry's Data Security Standard (PCI DSS) compliance by shrinking the footprint where cardholder data is located throughout their organization. By reducing the scope, these enterprises can dramatically lower the cost and anxiety of PCI DSS compliance and significantly increase the chance of audit success. Compliance with the PCI DSS is a combination of documented best practices and technology solutions that protect cardholder data across the enterprise. This paper explores the use of tokenization as a best practice in improving the security of credit card transactions, while at the same time minimizing the cost and complexity of PCI DSS compliance by reducing audit scope.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11878.html</guid>
  </item>
  <item>
    <title>Demonstrating the ROI for SIEM: Tales from the Trenches</title>
    <pubDate>Tue, 09 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract11877.html</link>
    <description>Security professionals sometimes struggle to demonstrate the return on investment for new solutions. Showing clear long-term cost savings or conducting a total cost of ownership (TCO) comparison is a very effective way to show the value of a security investment. Doing so also allows the security team to align with management to make a positive contribution to the business. In this whitepaper, we look at several examples where significant cost savings are demonstrated and the cost of purchase of security information and event management (SIEM) technology has been realized in short periods of time following the SIEM implementation.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract11877.html</guid>
  </item>
  <item>
    <title>Mastering The Complexity Of Revenue Management</title>
    <pubDate>Tue, 09 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract11876.html</link>
    <description>With complex regulations, continually evolving interpretations and stiff penalties, the mission-critical task of revenue management is more complex than ever. 66% of companies fail to evaluate the revenue impact of deferred revenue, and a whopping 92% of public companies say they still use spreadsheets for critical revenue-accounting tasks, leaving them exposed to a host of issues including compliance, audit and forecasting problems.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract11876.html</guid>
  </item>
  <item>
    <title>Blueprint For Sustainable Compliance Solutions</title>
    <pubDate>Tue, 09 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract11875.html</link>
    <description>Redwood Software uses its unique combination of process automation and information management technologies to provide practical solutions for sustainable compliance that also deliver measurable business value. The blueprint that we offer here promises a sustainable solution for compliance with Sarbanes-Oxley and other corporate governance requirements while taking advantage of both the lessons learned during the first phases of compliance and the processes and systems that are already in place.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract11875.html</guid>
  </item>
  <item>
    <title>Impurities in drugs</title>
    <pubDate>Tue, 09 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FDA/abstract11874.html</link>
    <description>Presentation related to Impurities likely to be in drug products.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FDA/abstract11874.html</guid>
  </item>
  <item>
    <title>Five Ways to Reduce Your Audit Tax</title>
    <pubDate>Tue, 02 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11873.html</link>
    <description>Taxes are certainly not fun, but there is something worse: an audit. Combine the two in a risk and compliance scenario and you have the onerous</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11873.html</guid>
  </item>
  <item>
    <title>Quest Solutions for PCI Compliance</title>
    <pubDate>Tue, 02 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11872.html</link>
    <description>In order to standardize security for the payment card industry, all providers must comply with the Payment Card Industry Data Security Standard (PCI-DSS). Unfortunately, many merchants aren't in compliance! What does this mean for them - and you? Fines, lost business and a shaky reputation with your customers. In this new Quest Software white paper, learn about each and every PCI-DSS requirement - and the solution you need to address them. Whether for Windows, Exchange or even UNIX systems, discover the tools and controls to quickly and easily comply with PCI-DSS. Read it today.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11872.html</guid>
  </item>
  <item>
    <title>Demystifying IT Risk to Achieve Greater Security and Compliance</title>
    <pubDate>Tue, 02 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11871.html</link>
    <description>Managing IT risk is part of running any business these days. Regardless of what business you're in, understanding IT risk can help you increase network security, reduce management costs and achieve greater compliance. Corporate leaders who fail to identify, assess and mitigate IT risk are setting themselves up for serious security breaches and financial losses down the road. And those leaders who think that managing IT risk is the job solely of the IT staff may be in for a big shock. Read this paper to learn how to effectively assess IT risk and manage compliance.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11871.html</guid>
  </item>
  <item>
    <title>Data Archiving: The First Step Toward Managing the Information Lifecycle</title>
    <pubDate>Tue, 02 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract11870.html</link>
    <description>Where data archiving is about performance, Information Lifecycle Management is about compliance. The distinction isn't a break with the past; it's an evolution. Dolphin helps organizations run crucial business operations better and smarter in SAP. The company has a history of success delivering higher performance and lower total cost of ownership by helping customers using SAP solutions plan and implement strategic ILM and data archiving programs. Read this white paper for a discussion of the business case for data archiving as the first step in an SAP ILM strategy; strategies for Data Archiving, Retention Management and the Retention Warehouse strategy for legacy decommissioning in SAP; and Dolphin's best-practices approach to an effective, long-term ILM strategy.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract11870.html</guid>
  </item>
  <item>
    <title>Top 5 PCI DSS Ambiguities and How to Overcome Them</title>
    <pubDate>Tue, 02 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11869.html</link>
    <description>By design, the Payment Card Industry Data Security Standard (PCI DSS) strives to provide merchants with a high level of technical detail so that organizations know when they're</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11869.html</guid>
  </item>
  <item>
    <title>Avoiding PCI Non Compliance</title>
    <pubDate>Wed, 24 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11868.html</link>
    <description>For many organisations' Chief Information Officers and Chief Security Officers, the Payment Card Industry Data Security Standard (PCI DSS) was going to spell the end of the road for criminals who were cashing in on the supposedly easy target of credit card theft - and its subsequent fraudulent use of their customers' data. The theory being, it would be harder to obtain the cardholder data in the first place due to the more robust and standardised approach to data security (under the new PCI DSS regime). Unfortunately, as we have seen, many companies are still struggling to demonstrate compliance, with costs associated with meeting PCI requirements spiralling out of control. And despite the pressure of fines being imposed, organisations continue to struggle with PCI DSS compliance, and worse still, some organisations that have achieved PCI DSS compliance are still suffering from costly and embarrassing data losses / breaches, e.g. TJ MAXX, Hannaford Brothers.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11868.html</guid>
  </item>
  <item>
    <title>Using Microsoft Active Directory to Address Payment Card Industry (PCI) Data Security Standard Requirements in Heterogeneous Environments</title>
    <pubDate>Wed, 24 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11867.html</link>
    <description>The Security Standards Council of the Payment Card Industry (PCI) owns and maintains the Data Security Standard (DSS), which is a rigorous set of requirements that all merchants, payment processors, point-of-sale vendors, and financial institutions must follow. The stiff penalties defined by PCI members are designed to ensure that all merchants and service providers work to maintain consumer trust of payment cards since that loss would impact the revenues of all merchants and financial institutions. This white paper examines the compelling business and technical case for centralizing administration in Microsoft's Active Directory, using Centrify's DirectControl to extend Active Directory authentication and access control to your UNIX, Linux and Mac OS systems and applications, and using Centrify's DirectAudit to log user activity to provide you a clear picture of end user actions on all UNIX and Linux systems. Combined, Active Directory, DirectControl and DirectAudit provide a comprehe</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11867.html</guid>
  </item>
  <item>
    <title>Finding a Cure for Downtime: 7 Tips for Reducing Downtime in Healthcare Information Systems</title>
    <pubDate>Wed, 24 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract11866.html</link>
    <description>With the continued adoption of electronic medical records, PACS and other health information systems, such systems are becoming an increasingly integral part of the delivery of patient care. With vital patient information residing in electronic health records and images, tolerance for system downtime is approaching zero. In addition, if patient data is lost or corrupted, HIPAA and JCAHO data integrity and data protection requirements could be at risk. Whether you're a local community hospital or national health network, this paper outlines seven key tips that every healthcare organization should consider to protect the availability of healthcare information systems. From reducing human error, to understanding the key differences between high availability and disaster recovery, to selecting the right hardware and storage components, this paper provides an overview of the key steps necessary to ensure the availability and integrity of your healthcare information systems.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract11866.html</guid>
  </item>
  <item>
    <title>For PCI, The Future is Now</title>
    <pubDate>Wed, 24 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11864.html</link>
    <description>As the PCI DSS and its sister standards continue to evolve and gain momentum, organizations will have to bake compliance into their everyday operations in order to eliminate fire drills, contain costs, keep current customers and attract new ones. It has been more than five years since the heavyweights in the payment card industry banded together to develop common standards to protect users from fraud. Since then, the standards have gone global, expanding beyond merchants to include their application providers as well, and becoming more prescriptive. In this whitepaper you will learn how to stay continuously compliant using automation to develop and maintain a known secure state for your infrastructure.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11864.html</guid>
  </item>
  <item>
    <title>Escaping PCI purgatory</title>
    <pubDate>Wed, 24 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11863.html</link>
    <description>PCI compliance is a challenge for midsize and large companies alike, as there are four phases to meeting the PCI DSS requirements: assessment, remediation, compliance and maintenance. Read this white paper as IBM reveals five key 'sticking points' organizations have been facing on the path to PCI DSS compliance.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11863.html</guid>
  </item>
  <item>
    <title>Regulatory Risk Management</title>
    <pubDate>Sun, 14 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract11861.html</link>
    <description>EIU white paper based on global survey of 320 executives on their views of managing risks associated with changing, and global, regulations.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract11861.html</guid>
  </item>
  <item>
    <title>Top Ten Essentials for Privileged Account Management</title>
    <pubDate>Sun, 14 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract11860.html</link>
    <description>Properly defining, controlling and monitoring administrative privileges in IT systems continue to be significant challenges for organizations of all sizes. And while in the past, controlling privileged accounts made good business sense, today, it is mandated by regulations such as Sarbanes-Oxley (SOX) Section 404, the Federal and North American Energy Regulations Commission (FERC/NERC), HIPAA 2, and even state level regulations such as the California Information Practice Act and the Massachusetts privacy law 201CMR17. In addition to the increased potential for failing IT security audits, sharing root and other privileged accounts can lead to a significant increase in the risk of fraudulent activities by employees, an even bigger threat to corporate value.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract11860.html</guid>
  </item>
  <item>
    <title>Finding a Cure for Downtime: 7 Tips for Reducing Downtime in Healthcare Information Systems</title>
    <pubDate>Sun, 14 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract11859.html</link>
    <description>With the continued adoption of electronic medical records, PACS and other health information systems, such systems are becoming an increasingly integral part of the delivery of patient care. With vital patient information residing in electronic health records and images, tolerance for system downtime is approaching zero. In addition, if patient data is lost or corrupted, HIPAA and JCAHO data integrity and data protection requirements could be at risk. Whether you're a local community hospital or national health network, this paper outlines seven key tips that every healthcare organization should consider to protect the availability of healthcare information systems. From reducing human error, to understanding the key differences between high availability and disaster recovery, to selecting the right hardware and storage components, this paper provides an overview of the key steps necessary to ensure the availability and integrity of your healthcare information systems.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract11859.html</guid>
  </item>
  <item>
    <title>Hubspan Security and PCI Compliance White Paper</title>
    <pubDate>Sun, 14 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11858.html</link>
    <description>The Payment Card Industry (PCI) Security Standards Council is an open global forum launched in 2006 with a mission to enhance payment account data security. Founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, Inc., the organization developed and governs a series of PCI Security Standards. Those compliance standards include: Data Security Standard (DSS), Payment Application Data Security Standard (PA-DSS), and Pin-Entry Device (PED) Requirements. All five founding members have incorporated the PCI DSS as the technical requirements for their own data security compliance programs. PCI compliance is a complex and ever evolving subject affecting millions of businesses.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11858.html</guid>
  </item>
  <item>
    <title>For PCI, the Future is Now: How to comply with the global standard without breaking the bank</title>
    <pubDate>Sun, 14 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11857.html</link>
    <description>It has been more than five years since the heavyweights in the payment card industry banded together to develop common standards to protect users from fraud. Since then, the standards have gone global, expanding beyond merchants to include their application providers as well, and becoming more prescriptive. As the PCI DSS and its sister standards continue to evolve and gain momentum, organizations will have to bake compliance into their everyday operations in order to eliminate fire drills, contain costs, keep current customers, and attract new ones.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11857.html</guid>
  </item>
  <item>
    <title>Meeting Vulnerability Scanning Requirements for PCI</title>
    <pubDate>Sun, 14 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11856.html</link>
    <description>The credit card industry is stepping up efforts to strengthen cardholder data security by raising member validation requirements for compliance with the Payment Card Industry Data Security Standard (PCI-DSS). As part of these requirements, both internal and external network scanning play a critical role in achieving compliance. This security guide describes the scanning requirements for PCI-DSS and provides a quick-reference requirements matrix for both Merchants and Service Providers of all levels.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11856.html</guid>
  </item>
  <item>
    <title>Winning the PCI Compliance Battle</title>
    <pubDate>Sun, 14 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11855.html</link>
    <description>A Guide for Merchants and Member Service Providers. This white paper reviews the basics of PCI, including who must comply, compliance requirements, validation requirements and penalties. It also examines key things to look for when selecting a PCI network testing service and introduces QualysGuard PCI. Topics in this white paper include: * Compliance Requirements of the PCI Data Security Standard * Participation and Validation Requirements * Selecting a PCI Network Security Testing Service * Automating the PCI Validation Process with QualysGuard PCI</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11855.html</guid>
  </item>
  <item>
    <title>PCI Compliance for Dummies</title>
    <pubDate>Sun, 14 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11854.html</link>
    <description>Complying with the PCI Data Security Standard may seem like a daunting task for merchants. This book is a quick guide to understanding how to protect cardholder data and comply with the requirements of PCI - from surveying the standard's requirements to detailing steps for verifying compliance. PCI Compliance for Dummies arms you with the facts, in plain English, and shows you how to achieve PCI Compliance. In this book you will discover: * What the Payment Card Industry Data Security Standard (PCI DSS) is all about * The 12 Requirements of the PCI Standard * How to comply with PCI * 10 Best-Practices for PCI Compliance * How QualysGuard PCI simplifies PCI compliance</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11854.html</guid>
  </item>
  <item>
    <title>8 Burning Questions</title>
    <pubDate>Sun, 14 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract11853.html</link>
    <description>These are the questions that every company asks before making a decision for a security and information management (SIEM) solution. It's easy to understand why: selecting the right SIEM solution can do more for your brand and your bottom line than most other IT decisions. Logging and event management are essential to governance and risk, not to mention a mandate for compliance with standards like PCI DSS and FISMA. Companies and agencies eventually outgrow the in-house developed tools, the vendor tools with limited scope, and the low-cost products that solved only 50% of the problem. Reading this paper prepares you for evaluating all the alternatives, including Intellitactics, and for selecting the one that works best for you.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract11853.html</guid>
  </item>
  <item>
    <title>Sarbanes-Oxley Roadmap</title>
    <pubDate>Sun, 14 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract11852.html</link>
    <description>This</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract11852.html</guid>
  </item>
  <item>
    <title>Meeting HIPAA Compliance</title>
    <pubDate>Sun, 14 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract11851.html</link>
    <description>There are a number of steps a healthcare provider must undertake to meet the Technical Safeguards mandated in the Security Rules of Title II (Administrative Simplification) of the Health Insurance Portability and Accountability Act (HIPAA). With EventTracker a healthcare provider can be confident they have the solution in place to help effectively meet audit requirements</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract11851.html</guid>
  </item>
  <item>
    <title>Protecting Sensitive Information in Life Sciences Organizations: Top Three Misconceptions that Put Companies at Risk</title>
    <pubDate>Sun, 14 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FDA/abstract11838.html</link>
    <description>Critical business processes in biotech and pharmaceutical companies involve highly confidential, important documents that need to be safely accessed by external partners and potential licensees.  Poor security measures based on a</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FDA/abstract11838.html</guid>
  </item>
  <item>
    <title>Dangerous Collaboration Practices in a Challenging Economy: 5 Roles IT Must Perform to Minimize Risk</title>
    <pubDate>Sun, 14 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/ISO-27002-(17799)/abstract11837.html</link>
    <description>The changing economy presents daunting challenges in information security.  Companies are pressed to collaborate with more and more outside partners, and many business processes--due diligence, compliance, product development, sales, and marketing--involve sharing of confidential information.  The demands for productivity and speed drive executives and project team members to share information outside the firewall, even in the absence of a safe collaboration platform--putting companies at risk of security breaches or data leakage. Several vendors offer online work spaces to meet the demand for safe, efficient document sharing.  IT should define security policies and requirements for these collaborative spaces, ensure that they support existing security policies, and manage their implementation and integration with existing systems and applications.  As fleeting opportunities arise suddenly, IT leaders can create competitive advantage for their companies by managing the process of setti</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/ISO-27002-(17799)/abstract11837.html</guid>
  </item>
  <item>
    <title>Security Policy: Five Keys to User Compliance</title>
    <pubDate>Sun, 14 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract11836.html</link>
    <description>Business users are a key part of a company's security, and even the most conscientious employees can introduce serious breaches of security policy.  IT can do everything in its power to secure the company's confidential documents--provide first-class security infrastructure, develop reasonable security policies and engage in extensive communication and training--yet still people fail to comply.  The solution is to provide security that helps people do their jobs more efficiently, thereby inducing users to follow best security practices without even knowing it.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract11836.html</guid>
  </item>
  <item>
    <title>International Basel II Training: More Important Now than Ever Before</title>
    <pubDate>Sun, 14 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/Basel-II/abstract11834.html</link>
    <description>The Basel II framework has become an international standard for banks to use to ensure that they have enough capital in reserve, using these funds as a safety net against various forms of risk.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/Basel-II/abstract11834.html</guid>
  </item>
  <item>
    <title>For PCI, the Future is Now</title>
    <pubDate>Mon, 01 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11849.html</link>
    <description>It has been more than five years since the heavyweights in the payment card industry banded together to develop common standards to protect users from fraud. Since then, the standards have gone global, expanding beyond merchants to include their application providers as well, and becoming more prescriptive. More importantly, organizations of all sizes and industries have recognized that if they accept card-based transactions, then the Payment Card Industry Data Security Standard (PCI DSS) applies to them. This has meant taking a closer look at how they control access to sensitive customer data. Unfortunately, all too often this closer look has resulted in last-minute fire drills to satisfy periodic audits or a decision to risk fines rather than spend money on compliance. Audits can be expensive and resource-intensive. To some, they represent budget and productivity that could be better spent elsewhere, says Scott Crawford, research director at Enterprise Management Associates in Bo</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11849.html</guid>
  </item>
  <item>
    <title>Next Generation Log and Event Management</title>
    <pubDate>Mon, 01 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11848.html</link>
    <description>A decade or more ago, logs of events recorded by firewalls, intrusion detection systems and other network devices were considered more of a nuisance than a help. There were too many of them, they weren't easily collected, and there was no easy way to make sense of which were important. When network administrators had log recording turned on, they were lost in a sea of data, and would have to sift through it all in an attempt at analyzing suspicious activities. Some organizations deployed early Security Information and Event Management (SIEM) systems to help filter out the noise. The problem, however, is that the industry and government auditors found a gap in what was collected. There was no way to capture the events that those early SIEM solutions weren't aware of. The auditors said that everything needed to be captured and stored. Compliance regulations such as Payment Card Industry Data Security Standard (PCI DSS), NERC, Sarbanes-Oxley (SOX), and the Federal Information Security Man</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11848.html</guid>
  </item>
  <item>
    <title>Cloud Computing in Perspective</title>
    <pubDate>Mon, 01 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11847.html</link>
    <description>Many CIOs recognize the power of cloud computing and are looking to implement the technology in their own IT realms. But with all the noise in the market about cloud computing, how do you know where to begin? By understanding the underlying service-related delivery requirements that are needed, you can successfully take full advantage of cloud computing technology for your enterprise so that you can improve service delivery to the business. Here are some questions to help you get the process started:</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11847.html</guid>
  </item>
  <item>
    <title>Regulatory Risk Management</title>
    <pubDate>Mon, 01 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract11844.html</link>
    <description>EIU white paper based on a global survey of 320 executives on their views of managing risks associated with changing, and global, regulations.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract11844.html</guid>
  </item>
  <item>
    <title>Meeting HIPAA Compliance</title>
    <pubDate>Mon, 01 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract11843.html</link>
    <description>There are a number of steps a healthcare provider must undertake to meet the Technical Safeguards mandated in the Security Rules of Title II (Administrative Simplification) of the Health Insurance Portability and Accountability Act (HIPAA). With EventTracker a healthcare provider can be confident they have the solution in place to help effectively meet audit requirements</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract11843.html</guid>
  </item>
  <item>
    <title>Tripwire Log Center</title>
    <pubDate>Mon, 01 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11842.html</link>
    <description>Compliance regulations have made log management a mandatory IT practice for organizations, but there's an increasing awareness of what those logs can also do for security through tracking suspicious activity and user behavior. Organizations are starting to realize they can use logs to pinpoint holes in their cyber defenses and thereby boost security. This white paper highlights the upcoming trends in log and event management security in 2010. This paper will look at the following: - Dynamic Activity Analysis - Real-time threat monitoring - Automated Event Response - Comprehensive Log Management</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11842.html</guid>
  </item>
  <item>
    <title>Five PCI Security Deficiencies of Retail Merchants and Restaurants</title>
    <pubDate>Mon, 01 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11841.html</link>
    <description>The Most Common PCI Compliance Mistakes of Brick-and-Mortar Locations. This paper will discuss those deficiencies and provide some general guidance to overcome them. Examples from Visa, MasterCard, American Express, Discover, and JCB.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11841.html</guid>
  </item>
  <item>
    <title>PCI Compliance Insight</title>
    <pubDate>Mon, 01 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11840.html</link>
    <description>The Payment Card Industry Data Security Standard (PCI DSS) provides an enterprise structure for improving operational, security, and audit performance. The benefits of the PCI DSS go beyond audit costs and results, however. As a security model, PCI requirements can help companies control compliance costs and build a more efficient and reliable IT infrastructure that delivers better service while incurring less risk. This whitepaper from the IT Compliance Institute looks at: * PCI basics and compliance challenges * Exploiting PCI's opportunities and improving business performance with PCI DSS controls * Suggestions for a smooth PCI implementation * Measuring PCI performance gains</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11840.html</guid>
  </item>
  <item>
    <title>Meeting PCI-DSS with SIEM</title>
    <pubDate>Mon, 01 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11839.html</link>
    <description>There are many commercially available information security tools on the market, many of which can help with PCI compliance. At a minimum, achieving PCI-DSS requires 4 security solutions. First, a firewall and Intrusion Prevention System (IPS); however, most modern IPS devices include firewall functionality as well. Second, a Database Monitoring system (DAM, or DBM) and/or an Application Monitoring system to monitor, protect, and log all access to sensitive data. Third, a Log Management system to store all logs in a secure manner, for audit purposes. Finally, a Security Information &amp; Event Management system (SIEM) to bring all the required event and asset data together, for incident detection, response, and reporting purposes. This document attempts to clearly define which systems are most applicable to each specific PCI requirement.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11839.html</guid>
  </item>
  <item>
    <title>Data Disclosure - Threats and Control</title>
    <pubDate>Mon, 01 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract11832.html</link>
    <description>One of the major challenges faced by the enterprise is the re-identification of de-identified data that leads to Data Disclosure. This paper discusses the scenarios which bring the need for de-identification of data and what leads to the data disclosure of such de-identified data. The paper aims to share insights that help Data Custodians in an enterprise, Security Auditor, Risk and Compliance Group, Data Security Subject Matter Expert and the curious minds of the database world.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract11832.html</guid>
  </item>
  <item>
    <title>Extending Change Auditing To Exchange Server</title>
    <pubDate>Fri, 22 Jan 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract11831.html</link>
    <description>Microsoft Exchange Server, one of the most important production systems in many organizations, is a system consisting of many moving parts that need thorough and secure maintenance. In most companies, groups of two or significantly more IT professionals manage the E-mail infrastructure configuration, and without detailed auditing of who did what, where, and when, it is not possible to detect inadvertent or unauthorized changes to private E-mails with sensitive financial information. The white paper describes different approaches to regular and consistent auditing of changes to Exchange server configuration and permissions.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract11831.html</guid>
  </item>
</channel>
</rss>
