http://www.compliancehome.com/ ComplianceHome is one of the Web's largest library of resources for compliance management of HIPAA, SOX, FISMA, GLBA, FDA, COOP & COG, FFIEC, Basel II, OSHA and ISO 27002/17799. Visit our directories which are the best source on White papers, related news articles, resources on the web, training, webinars, conferences, rules & regulation overview, ask the expert, job and search on vendors, solutions & products. http://www.compliancehome.com/images/rsslogo.gif http://www.compliancehome.com/ en-us Tue, 05 Aug 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10984.html What makes for great security? Is it about keeping the bad guys out or letting the good guys in? About defending attacks or preventing them? When IDG Research Services queried IT security professionals on the topic, intriguing insight into the effectiveness of security management came to light. This CXO Media whitepaper presents these findings and reviews the delivery of effective security management using the latest technology and automation tools. http://www.compliancehome.com/whitepapers/FISMA/abstract10984.html Fri, 01 Aug 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10980.html With the decrease in the total number of viruses, some have theorized that the need for virus protection is becoming less and less necessary. Protecting systems such as servers and workstations is nothing new. In fact, using anti-virus software was the first method enlisted to stop malicious code from infecting and propagating between these systems. However, the sophistication of viruses and malware in recent years has dramatically changed the playing field. The purpose of this paper is to help individuals understand the scope of the problem, and provide specific strategies available to combat this continually changing threat. http://www.compliancehome.com/whitepapers/FISMA/abstract10980.html Fri, 01 Aug 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10979.html This white paper contains case studies of companies rededicating themselves to securing customer relationships, including: Charles Schwab -- Headquartered in San Francisco, California, this financial services firm upholds its customer commitment by making security and privacy a cornerstone of its business philosophy. Its latest investment: a new class of authentication, the Extended Validation SSL certificate, which allows online customers to see, at a glance, if the site they are visiting is one they consider trustworthy - or a fraud. http://www.compliancehome.com/whitepapers/FISMA/abstract10979.html Mon, 28 Jul 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10977.html The Federal Information Security Management Act (FISMA) was created in response to increased awareness at the federal government of risks of cyber-terrorism, and of cyber-security in general. Following in the wake of private sector corporate scandals, FISMA emerged from a similar principle that led to Sarbanes-Oxley Act (SOX) of 2002, unambiguous personal acceptance of risk by a senior management official. In recent years, FISMA has played a crucial role in driving federal agencies to improve their overall security posture, providing a framework and guidance for such efforts. Therefore, compliance with FISMA is critical to keeping agency officials out of legal trouble. http://www.compliancehome.com/whitepapers/FISMA/abstract10977.html Thu, 17 Jul 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10968.html Read this white paper to learn about: *Insight on two-factor authentication credentials to help you decide on the best choice for your customer-base. *Fortune 500 companies are increasingly discovering that stronger authentication options can result in decreased fraud costs, improved customer loyalty, a competitive advantage, and ultimately, higher top-line revenue potentials. *Insight on identity protection, authentication, and fraud detection services that enable enterprises to offer a more secure online experience with minimal consumer disruption. http://www.compliancehome.com/whitepapers/FISMA/abstract10968.html Mon, 14 Jul 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10967.html The volume and sophistication of attacks that threaten business email networks and systems are growing at exponential rates. This growth curve poses significant problems for IT and security groups trying to manage these threats. In this white paper, youll learn about: The current types of email threats Why the exponential growth in email volume poses significant challenges for the corporate network infrastructure How adding a messaging security layer at the network edge addresses these challenges, and significantly scales and strengthens an overall messaging security solution. http://www.compliancehome.com/whitepapers/FISMA/abstract10967.html Mon, 14 Jul 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10966.html What makes for great security? Is it about keeping the bad guys out or letting the good guys in? About defending attacks or preventing them? When IDG Research Services queried IT security professionals on the topic, intriguing insight into the effectiveness of security management came to light. This CXO Media whitepaper presents these findings and reviews the delivery of effective security management using the latest technology and automation tools. http://www.compliancehome.com/whitepapers/FISMA/abstract10966.html Wed, 09 Jul 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10964.html How concerned are companies about the content of email leaving their organizations? And how do companies manage the legal and financial risks associated with outbound email? To find out, Proofpoint and Forrester Consulting (a division of leading analyst firm Forrester) conducted an online survey of technology decision makers at 424 large companies - in the US, UK, Germany, France and Australia - during March 2008. This report summarizes the findings of Proofpoint's fifth-annual email security and data loss prevention study, including surprising statistics about how large companies manage the risks associated with outbound email, blog postings, media sharing sites, social networking sites, mobile Internet-connected devices and other electronic communications streams. http://www.compliancehome.com/whitepapers/FISMA/abstract10964.html Mon, 07 Jul 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10962.html Ironclad security has become the Holy Grail for companies looking to protect corporate and customer information at large in the modern enterprise. The move toward greater data distribution thanks to growing globalisation and worker mobility is taking this sensitive data well outside the corporate network and creating new vulnerabilities in the process. As corporate data becomes increasingly difficult to protect, security takes top priority for most IT organisations. However, deploying the latest firewall, antivirus or encryption tool cant ward off todays sophisticated intruders. Not just hackers, but organised crime, dishonest insiders and unfortunate mistakes are easily finding their way past these deterrents, especially when critical data lies outside of IT control. Whats more, keeping on top of the threat is stretching IT resources to their limits. Traditional security controls, which demand constant and immediate updates and attention, are just not enough. A new worm attack, http://www.compliancehome.com/whitepapers/FISMA/abstract10962.html Mon, 07 Jul 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10961.html Mike Ferguson of Intelligent Business Strategies defines what data governance is and then looks at the requirements that need to be met for full data governance to be implemented. He also discusses how to systematically build re-usable data services to automate the tasks needed to formally govern data on an enterprisewide basis in order to accelerate the time to production and guarantee rock-solid data. http://www.compliancehome.com/whitepapers/FISMA/abstract10961.html Mon, 07 Jul 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10960.html This paper provides forward looking thought leadership and recommendations on strategic, operational and tactical activities to help you properly align the people, processes and technology infrastructure to work in harmony and create a cost effective and continuous risk management culture throughout the enterprise. http://www.compliancehome.com/whitepapers/FISMA/abstract10960.html Mon, 07 Jul 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10949.html Based on what is working among organizations with the fewest data losses, the IT Policy Compliance Group report identifies several practices that can assist businesses with improving IT compliance results, reduce business downtime, and reduce data loss and theft. These steps include: * Implementing more and appropriate IT controls * Reducing control objectives, making it easier to communicate, measure and report * stablishing higher standards for performance objectives * Encouraging a culture of operational excellence in IT * Conducting monitoring, measurement and reporting of controls against objectives at least once every two weeks * Allocating more spend to controls automation http://www.compliancehome.com/whitepapers/FISMA/abstract10949.html Wed, 02 Jul 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10954.html Data breaches. You've gleaned all you can from the headlines; now you have access to information directly from the investigator's casebook. The 2008 Data Breach Investigations Report draws from over 500 forensic engagements handled by the Verizon Business Investigative Response team over a four-year period. Tens of thousands of data points weave together the stories and statistics from compromise victims around the world. What valuable insights can your organization earn from them? http://www.compliancehome.com/whitepapers/FISMA/abstract10954.html Mon, 30 Jun 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10951.html This IDC White Paper examines Novell's identity and security management (ISM) solutions and how these integrated offerings can play a key role in enforcing security compliance for enterprise organizations. When properly implemented and deployed, these solutions help companies to: *Avoid violations of government and industry regulations *Avoid the leakage of intellectual property *Drive down the cost of compliance through integration, consolidation, and automation http://www.compliancehome.com/whitepapers/FISMA/abstract10951.html Thu, 26 Jun 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10947.html The General Services Administration (GSA) has awarded a supply contract to Industrial Safety Solutions for their SafetyPro line of industrial labeling equipment and supplies. This new federal contract will give government and military agencies better access to compliance and safety labeling, which have been proven to reduce accident injuries in the workplace. Safety labeling is required by regulatory agencies such as OSHA, and is viewed as a top priority in mitigating occupational hazards. It is estimated that as many as 70% of all worksites, including government operated worksites, have insufficient or outdated visual hazard identification. http://www.compliancehome.com/whitepapers/FISMA/abstract10947.html Mon, 23 Jun 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10945.html After fortifying their networks perimeters against the external threats from mysterious computer hackers, enterprises are now focusing their attention on eliminating the recognized inside threats of systems-based fraud, misuse, and errors. Every organization faces the risk of technically capable, application-facing employees and insiders who exercise their knowledge of system rules and procedures to http://www.compliancehome.com/whitepapers/FISMA/abstract10945.html Mon, 23 Jun 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10944.html How concerned are companies about the content of email leaving their organizations? And how do companies manage the legal and financial risks associated with outbound email? To find out, Proofpoint and Forrester Consulting (a division of leading analyst firm Forrester) conducted an online survey of technology decision makers at 424 large companies - in the US, UK, Germany, France and Australia - during March 2008. This report summarizes the findings of Proofpoint's fifth-annual email security and data loss prevention study, including surprising statistics about how large companies manage the risks associated with outbound email, blog postings, media sharing sites, social networking sites, mobile Internet-connected devices and other electronic communications streams. http://www.compliancehome.com/whitepapers/FISMA/abstract10944.html Mon, 23 Jun 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10943.html This paper describes how businesses can use F5 Networks BIG IP Global Traffic Manager to leverage all the benefits of their secondary site in an active active configuration to holistically manage their applications across multiple sites.This paper also describes how you can use BIG IP Link Controller to maintain ISP link connectivity and WANJet to accelerate site to site data a replication across the WAN. http://www.compliancehome.com/whitepapers/FISMA/abstract10943.html Mon, 23 Jun 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10942.html This paper addresses the increased performance needs of a disaster recovery plan, and the common barriers to achieving success. It also addresses the performance gains that can be achieved by combining a F5 WANJet application acceleration solution with Double-Take replication solutions from Double-Take Software. http://www.compliancehome.com/whitepapers/FISMA/abstract10942.html Wed, 18 Jun 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10940.html Electronic messaging applications are mission-critical for most enterprises, yet securing them from threats and managing them to meet regulatory and compliance requirements have never been more challenging.Microsoft Exchange Hosted Services offers enterprise-class, affordable services that can protect the messaging infrastructure,simplify email management, and reduce risk. http://www.compliancehome.com/whitepapers/FISMA/abstract10940.html Mon, 16 Jun 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10939.html In Europe,the level of awareness of I threats is generally very good.Most organisations know how to deal with viruses,spam,key-logging and other Internet threats.IDC believes that the vast majority of organisations are using,at the very least,antivirus or an antispam tools plus additional security features such as VPNs for remote connection backup and recovery for business continuity.However,this provides just basic protection and covers just half the danger. Threats today are agile,silent and very efficient,especially if organisations do not fully understand where the real threat lies.A single question that can help present the current situation is why have there been so few reports of widespread viruses over the past 12 months? Antivirus systems are certainly now quite effective,and the responsiveness and agility of detection systems reacting to large waves of self-reproductive viruses also improved. Furthermore,with the exception of poor security tools management,such as out of date http://www.compliancehome.com/whitepapers/FISMA/abstract10939.html Mon, 16 Jun 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10937.html Understanding the trends and patterns of the past is the key to understanding the future, and security is no exception. The following security threat trends for 2008 have been assembled as a result of their frequency during security audits performed last year. These common and fundamental security issues typically arise from the same categorical underlying cause. Most organizations have had enough compliance audits and posses enough intuition of best practices to understand that security controls are necessary to mitigate risk. However, there continues to be significant discrepancy between what management believes the controls are doing and what the controls are -- in fact -- actually doing from a security standpoint. In short, controls have been deployed, but are not configured adequately, and just the mere existence of a control does not imply that the control is functioning adequately. Extremely subtle configuration problems can create critical risk on your network. The commonly hel http://www.compliancehome.com/whitepapers/FISMA/abstract10937.html Wed, 11 Jun 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10933.html With Web 2.0 threats rendering today's most popular firewall technology basically obsolete, firewalls need to step up and tackle their task to protect public-facing assets like web applications. No longer are Web sites attacked only for the purposes of defacing the site to gain credibility among hacking peers, today it's about the money to be made for the bad guys in the distribution of malware and spam, and firewalls must be up to the challenge. Regulations like PCI DSS, the OWASP list of web application vulnerabilities and a recent study by Google confirms the need for web application security. http://www.compliancehome.com/whitepapers/FISMA/abstract10933.html Wed, 11 Jun 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10932.html Junk postal mail is a nuisance for those who receive it, but it is limited by two important economic factors: a) junk mail costs something to produce and, as a result, b) senders of junk mail must achieve acceptable content-to-customer conversion rates in order to make the sending of their information economically worthwhile. The electronic equivalent of junk postal mail spam however, operates under no such economic constraints. Hundreds of millions of spam messages can be sent for a minimum investment and conversion rates can be extraordinarily low for spammers to turn a sizable profit. In fact, spammers can also The electronic equivalent of junk postal mail spam however, operates under no such economic constraints. Hundreds of millions of spam messages can be sent for a minimum investment and conversion rates can be extraordinarily low for spammers to turn a sizable profit. http://www.compliancehome.com/whitepapers/FISMA/abstract10932.html Wed, 11 Jun 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10931.html This white paper explains what makes spam such an unbearable problem and how spamming tactics are evolving daily to beat anti-spam software. In the space of two months, spammers have switched from image spam to using PDF, Excel and ZIP file attachments. By using these attachments to send images instead of embedding them in the body of the email message, spammers have taken the cat-and-mouse game with anti-spam software developers to a new level. http://www.compliancehome.com/whitepapers/FISMA/abstract10931.html Mon, 09 Jun 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10928.html During the 80s, war dialing and phone phreaking were the attacks that garnered all the headlines. In the 90s it was all about web defacement and the ubiquitous email virus. The last seven years have given rise to identity data theft and privacy concerns. For the past twenty years, organizations have focused on protecting the network; but in the last ten years it has become clear that the core threat is not, nor really ever was, access to the network. The network is just a means to an end. The threat has always been access to the enterprises crown jewels: private data and the applications/ business functions that interact with that data. This is the Achilles heel of the enterprise today. http://www.compliancehome.com/whitepapers/FISMA/abstract10928.html Thu, 05 Jun 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10925.html Researchers with the Ponemon Institute found hat 595 of 00 85%)) IT executives and security officers indicated their businesses have experienced at least one known occurrence of a data security breach.Moreover,experts estimate between 70%and 80%of data security breaches are due to internal access to sensitive information. These alarming statistics illustrate that efforts to safeguard data must move beyond network security and data masking or encryption which can be circumvented by clever perpetrators on the inside. In fact, the number of data privacy and security breaches continues to be on the rise, despite growing regulations and software solutio ons that aim to prevent the average user from being able to view sensitive data. http://www.compliancehome.com/whitepapers/FISMA/abstract10925.html Thu, 05 Jun 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10922.html Many production plants are linked to the Internet and utilize standard software, which makes them a potential target for hackers. Siemens is making these systems more secure.Security experts at Siemens Corporate Technology use a model production facility to demonstrate how easy it is to compromise the security of some systems. http://www.compliancehome.com/whitepapers/FISMA/abstract10922.html Thu, 29 May 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10920.html The business risks associated with providing users access to information resources include a broad array of potentially damaging events that are caused or made possible by inadequate governance. Such events range from relatively minor policy and compliance violations to disastrous business losses. The demands of regulatory compliance are among the factors driving corporate IT and security managers to improve their access governance processes, but the issues are broader and deeper than the scope of any regulation. http://www.compliancehome.com/whitepapers/FISMA/abstract10920.html Thu, 29 May 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10919.html The increased demands of regulatory compliance are causing corporate business and IT security managers to review their access governance policies and procedures with an eye toward improving the efficiency and reliability of their systems,while reducing the complexity and cost associated with demonstrating compliance.Within many organizations,however,access governance is not viewed as a strategic issue and regulatory compliance is simply regarded as a sunk cost.This narrow perspective can obscure the true value of investing in technologies that strengthen,automate,and streamline access governance,enabling it to be sustainable. http://www.compliancehome.com/whitepapers/FISMA/abstract10919.html Wed, 28 May 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10918.html *Insight on two-factor authentication credentials to help you decide on the best choice for your customer-base. Fortune 500 companies are increasingly discovering that stronger authentication options can result in decreased fraud costs, improved customer loyalty, a competitive advantage, and ultimately, higher top-line revenue potentials. *Insight on identity protection, authentication, and fraud detection services that enable enterprises to offer a more secure online experience with minimal consumer disruption. http://www.compliancehome.com/whitepapers/FISMA/abstract10918.html Wed, 28 May 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10916.html Since firms are being held to a higher standard of high availability, the challenge for most is to design server and storage systems that are truly continuous and that guard against unplanned downtime. That means high availability, long associated with application/system uptime, is evolving to include the service of data availability. Aberdeen uses two key performance criteria to distinguish Best in Class (BIC) companies that leverage a high availability strategy: the overall ability to recover critical applications within a short window and year-over-year improvement in ability to recover data. http://www.compliancehome.com/whitepapers/FISMA/abstract10916.html Wed, 28 May 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10915.html To gain some clarity on the data protection market, Aberdeen group has embarked on a survey of end users, in different job roles and across numerous industry sectors, to gain insight into customer's data protection strategies. About 100 customers were surveyed and the results revealed that disaster recovery, business continuance and traditional backup/restore and legal discovery mandates make up the three top drivers behind customers' data protection strategies, while a whopping of 72% of the respondents surveyed cited a http://www.compliancehome.com/whitepapers/FISMA/abstract10915.html Wed, 28 May 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10914.html As virus writers create increasingly sophisticated malicious code and find ever more effective methods to propagate,enterprises find themselves scrambling to keep their networks,servers,and end-user computers safe from new threats. Traditional anti-virus applications work by searching the contents of files and looking for a recognized pattern of data (a signature )that is the virus program itself.However,virus writers have come up with various methods to escape detection by changing their programs,making it harder for virus scanners to recognize them as viruses.Today s viruses are either polymophic or metamorphic and can actually change themselves as they propagate. The increasing sophistication of malicious code is therefore making pattern recognition technologies less and less effective. http://www.compliancehome.com/whitepapers/FISMA/abstract10914.html Wed, 28 May 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10913.html Email has become the dominant form of business communication rivaling, if not exceeding,the importance of voice networks.Indeed,email has had such an extraordinary impact that,like the fax and ATM,it s hard to imagine life before its widespread adoption over the last decade.The very power of the medium has also attracted a disturbingly large and growing number of security threats spam,fraud,viruses,regulator y violations and intellectual property theft. The volume and sophistication of email security threats continues to grow at an unchecked pace.Most customers observe that as much as 90 percent of their incoming mail is invalid (spam,viruses,etc),and the total number of incoming messages is doubling ever y year,even if the number of employees stays constant.These email security threats are fueled by a powerful profit motive associated with spam,fraud and information theft.This creates resources that bring professional engineers into the business of developing new threats,fur ther http://www.compliancehome.com/whitepapers/FISMA/abstract10913.html Wed, 28 May 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10912.html In Europe,the level of awareness of I threats is generally very good.Most organisations know how to deal with viruses,spam,key-logging and other Internet threats.IDC believes that the vast majority of organisations are using,at the very least,antivirus or an antispam tools plus additional security features such as VPNs for remote connection backup and recovery for business continuity.However,this provides just basic protection and covers just half the danger. Threats today are agile,silent and very efficient,especially if organisations do not fully understand where the real threat lies.A single question that can help present the current situation is why have there been so few reports of widespread viruses over the past 12 months? Antivirus systems are certainly now quite effective,and the responsiveness and agility of detection systems reacting to large waves of self-reproductive viruses also improved. Furthermore,with the exception of poor security tools management,such as out of date http://www.compliancehome.com/whitepapers/FISMA/abstract10912.html Wed, 28 May 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10911.html Email and data security solutions are available in different deployment configurations, from hardware and virtual appliances to software. Another option, http://www.compliancehome.com/whitepapers/FISMA/abstract10911.html Wed, 28 May 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10909.html Data deduplication has the potential to fundamentally change the economics of data protection by providing unparalleled rewards to users. However, every data deduplication solution is different and you must take the time to evaluate your environment and needs. This requires you to cut through the data deduplication hype and find out the truth about data deduplication product offerings. Use this white paper as a reference guide for learning about the background of data deduplication and tips assessing different solutions. Read this white paper for insight on important topics, such as: * The purpose of data deduplication * The principles of data deduplication * Common myths and pitfalls to be aware of * Recommendations for evaluating data deduplication solutions http://www.compliancehome.com/whitepapers/FISMA/abstract10909.html Wed, 14 May 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10900.html Compliance regulations now require that security professionals capture audit records for access to sensitive data stored in databases. There are a number of approaches available and this paper introduces the reader to several options for automating database auditing. http://www.compliancehome.com/whitepapers/FISMA/abstract10900.html Mon, 05 May 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10896.html Although roles-based access control (RBAC)has been the subject of much interest in the past,experience with it has been mostly disappointing.The challenge of discovering established roles,defining new roles according to business need,connecting roles properly to the IT infrastructure,ensuring that they meet all compliance requirements,and managing roles through their natural lifecycles has,until now, proved to be too complicated and cumbersome to be practical. However,a new roles-based model of access governance has evolved that overcomes these problems with an approach that provides a bottom-up perspective of roles (the reality of current user access) and connects it to a top-down business perspective (how a role works in conjunction with a business process.)As a result,roles can now be implemented in a manner that both simplifies access control and makes access governance,risk management,and compliance easier. http://www.compliancehome.com/whitepapers/FISMA/abstract10896.html Fri, 02 May 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10894.html Email and data security solutions are available in different deployment configurations, from hardware and virtual appliances to software. Another option, http://www.compliancehome.com/whitepapers/FISMA/abstract10894.html Fri, 02 May 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10892.html Read this white paper to learn about: *Insight on two-factor authentication credentials to help you decide on the best choice for your customer-base. *Fortune 500 companies are increasingly discovering that stronger authentication options can result in decreased fraud costs, improved customer loyalty, a competitive advantage, and ultimately, higher top-line revenue potentials. *VeriSign Identity Protection is a comprehensive suite of identity protection, authentication, and fraud detection services that enable financial institutions to offer a more secure online experience with minimal consumer disruption. http://www.compliancehome.com/whitepapers/FISMA/abstract10892.html Thu, 01 May 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10891.html email threats have expanded from nuisance spam to sophisticated blended attacks. IronPort anti-spam eliminates the broadest range of known and emerging threats. IronPort anti-spam combines best-of-breed conventional techniques with IronPort s breakthrough context-sensitive detection technology to revolution- ize the fight against email threats.Today s spam attacks have become too sophisticated for earlier-generation spam systems.These systems share a common weakness relying heavily on analyzing content that can easily be manipulated by spammers.state of the ar t anti-spam systems must go beyond content examination and analyze messages in the full context in which they are sent. as spam continues to evolve,near real-time rules will need to remain a critical par t of the anti-spam equation in order to successfully eliminate spam and blended threats.With spam on the rise,this type of multi-layer defense is critical to protecting networks worldwide. http://www.compliancehome.com/whitepapers/FISMA/abstract10891.html Thu, 01 May 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10890.html IronPort email security appliances are designed to protect networks from todays and tomorrows email threats.These appliances are built on IronPort s proprietary asyncos operating system.optimized for messaging, asyncos provides the foundation that allows a single IronPor t appliance to process mail more than ten times more efficiently than traditional UNIX-based systems.on top of this highly scalable platform,IronPort of fers a variety of security applications for spam and virus filtering,content scanning and policy enforcement.also contained are unique technologies developed by IronPort as well as tightly integrated filtering technology from best of breed partners. The modular design of the system allows these applications to be turned on or off to meet the specific needs of each customer. http://www.compliancehome.com/whitepapers/FISMA/abstract10890.html Thu, 01 May 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10889.html A survey of 185 IT professionals finds that, although computer and data security are high priorities, they are surprisingly unprepared to prevent data breaches and computer theft. One out of four organizations surveyed had a data breach in the past year. Preventative measures are found to be consistently undermined, with only 1 in 100 employees consistently following security policy. This white paper explores the survey findings. http://www.compliancehome.com/whitepapers/FISMA/abstract10889.html Thu, 01 May 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10888.html This IDC White Paper examines Novell's identity and security management (ISM) solutions and how these integrated offerings can play a key role in enforcing security compliance for enterprise organizations. When properly implemented and deployed, these solutions help companies to: Avoid violations of government and industry regulations Avoid the leakage of intellectual property Drive down the cost of compliance through integration, consolidation, and automation Strong security and governance programs should be symbiotic in nature. A total identity and access management (IAM)driven governance, risk, and compliance (GRC) solution should ensure foolproof and accurate measurements of policies and practices across the enterprise. This ideally includes creation and life-cycle support for policy and standards development, solid and integrated access and identity administration, security and vulnerability scanning, and audit and remediation capabilities. http://www.compliancehome.com/whitepapers/FISMA/abstract10888.html Thu, 24 Apr 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10884.html The recent news headlines related to subprime mortgage crisis, rogue traders, and corporate fraud have highlighted that despite investment in risk assessment and risk management disciplines, significant risk failures persist. While isolated incidents of one-time governance failures are bound to occur, long-term systemic failures are more than just an isolated anomaly. The failures may be the result of a clutter of risk information caused by many risk assessments from many perspectives. The process of organizing these risk assessments to provide organizations with a more holistic view of enterprise risk is fundamental to mastering risk assessments. This whitepaper explores approaches to risk assessment, offers some best practices for conducting risk assessments and provides practical guidance on mastering this business process. http://www.compliancehome.com/whitepapers/FISMA/abstract10884.html Thu, 24 Apr 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10882.html Computers and electronics run our infrastructure and our world. Electronic signals support generation, transmission, and distribution of power that keeps our lights on and the water coming out of our taps. They also support the entire global industrial manufacturing infrastructure. They are so ubiquitous that at a recent industry conference, a top cyber agent at the FBI was quoted as saying, http://www.compliancehome.com/whitepapers/FISMA/abstract10882.html Thu, 24 Apr 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10880.html Driven by increasing regulatory scrutiny and the need to protect key corporate assets such as intellectual property, compliance and issues surrounding data leakage have risen to the top of the list of priorities for today s corporate executive.Federal US legislation such as HIPAA and GLBA,as well as state laws such as California s SB-1386,clearly define acceptable practices with regards to digital information security.In addition,corporate governance rules have mandated strict policies to deal with authorized and unauthorized access,and use of sensitive corporate information by employees,partners and auditors. http://www.compliancehome.com/whitepapers/FISMA/abstract10880.html Thu, 24 Apr 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/FISMA/abstract10879.html BURNED BY ENRONESQUE ACCOUNTING scandals, investors and governments are imposing rigorous reporting requirements to keep companies on the straight and narrow. These reactions are a symptom of a fundamental force in the economy: a crisis of trust among stakeholders of corporations. Stakeholders are not only a companys shareholders, but also customers, employees, business partners and communities, and in recent years their trust has been profoundly shaken. Naturally, they are now trying to protect themselves, often via legislation.But companies that scramble reactively to implement one-off responses to each new set of compliance regulations wont rebuild stakeholder trusttheyll just spend a lot of money on shortsighted solutions. Companies committed to gaining stakeholder trust, as well as better planning and decision making are, instead, taking an integrated approach to the related issues of governance, risk management, and compliance (GRC). The approachcomprises of people, processes http://www.compliancehome.com/whitepapers/FISMA/abstract10879.html