http://www.compliancehome.com/ ComplianceHome is one of the Web's largest library of resources for compliance management of HIPAA, SOX, FISMA, GLBA, FDA, COOP & COG, FFIEC, Basel II, OSHA and ISO 27002/17799. Visit our directories which are the best source on White papers, related news articles, resources on the web, training, webinars, conferences, rules & regulation overview, ask the expert, job and search on vendors, solutions & products. http://www.compliancehome.com/images/rsslogo.gif http://www.compliancehome.com/ en-us Mon, 14 Jul 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10967.html The volume and sophistication of attacks that threaten business email networks and systems are growing at exponential rates. This growth curve poses significant problems for IT and security groups trying to manage these threats. In this white paper, youll learn about: The current types of email threats Why the exponential growth in email volume poses significant challenges for the corporate network infrastructure How adding a messaging security layer at the network edge addresses these challenges, and significantly scales and strengthens an overall messaging security solution. http://www.compliancehome.com/whitepapers/HIPAA/abstract10967.html Mon, 14 Jul 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10966.html What makes for great security? Is it about keeping the bad guys out or letting the good guys in? About defending attacks or preventing them? When IDG Research Services queried IT security professionals on the topic, intriguing insight into the effectiveness of security management came to light. This CXO Media whitepaper presents these findings and reviews the delivery of effective security management using the latest technology and automation tools. http://www.compliancehome.com/whitepapers/HIPAA/abstract10966.html Wed, 09 Jul 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10964.html How concerned are companies about the content of email leaving their organizations? And how do companies manage the legal and financial risks associated with outbound email? To find out, Proofpoint and Forrester Consulting (a division of leading analyst firm Forrester) conducted an online survey of technology decision makers at 424 large companies - in the US, UK, Germany, France and Australia - during March 2008. This report summarizes the findings of Proofpoint's fifth-annual email security and data loss prevention study, including surprising statistics about how large companies manage the risks associated with outbound email, blog postings, media sharing sites, social networking sites, mobile Internet-connected devices and other electronic communications streams. http://www.compliancehome.com/whitepapers/HIPAA/abstract10964.html Mon, 07 Jul 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10962.html Ironclad security has become the Holy Grail for companies looking to protect corporate and customer information at large in the modern enterprise. The move toward greater data distribution thanks to growing globalisation and worker mobility is taking this sensitive data well outside the corporate network and creating new vulnerabilities in the process. As corporate data becomes increasingly difficult to protect, security takes top priority for most IT organisations. However, deploying the latest firewall, antivirus or encryption tool cant ward off todays sophisticated intruders. Not just hackers, but organised crime, dishonest insiders and unfortunate mistakes are easily finding their way past these deterrents, especially when critical data lies outside of IT control. Whats more, keeping on top of the threat is stretching IT resources to their limits. Traditional security controls, which demand constant and immediate updates and attention, are just not enough. A new worm attack, http://www.compliancehome.com/whitepapers/HIPAA/abstract10962.html Mon, 07 Jul 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10961.html Mike Ferguson of Intelligent Business Strategies defines what data governance is and then looks at the requirements that need to be met for full data governance to be implemented. He also discusses how to systematically build re-usable data services to automate the tasks needed to formally govern data on an enterprisewide basis in order to accelerate the time to production and guarantee rock-solid data. http://www.compliancehome.com/whitepapers/HIPAA/abstract10961.html Mon, 07 Jul 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10960.html This paper provides forward looking thought leadership and recommendations on strategic, operational and tactical activities to help you properly align the people, processes and technology infrastructure to work in harmony and create a cost effective and continuous risk management culture throughout the enterprise. http://www.compliancehome.com/whitepapers/HIPAA/abstract10960.html Mon, 07 Jul 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10959.html There is much confusion in the marketplace over the definition of email storage management. Many vendors and customers are under the wrong impression that storage management and retention management are the same. This document explores the differences between the two terms in relation to regulations and compliance. http://www.compliancehome.com/whitepapers/HIPAA/abstract10959.html Mon, 07 Jul 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10958.html Today, the email archiving marketplace is in the throes of a convergence, but the original requirements are so different that legacy archiving solutions designed for one specific market need have not been able to seamlessly extend their primary functionality to cover the other areas. In addition to the change from archiving some to archiving all email, corporations now need additional features that werent part of original archiving requirements, such as audit trails, search and retrieval, pre- and post-review of emails, and extensive corporate retention and management policies. Worse yet, when archiving demands increase exponentially from archiving under 1,000 mailboxes to over 5,000 or 10,000, legacy archiving solutions simply cannot scale to handle those volumes for compliance, legal discovery, or mailbox management, let alone a combination of the three. ZL Technologies, Inc. conducted this survey to determine exactly what is causing the most headaches among corporations that de http://www.compliancehome.com/whitepapers/HIPAA/abstract10958.html Mon, 07 Jul 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10957.html Several data capture methods have been used to ingest email from mail servers, each with differing advantages and disadvantages. Some methods are useful in small environments but quickly become problematic when large email volumes are encountered. Others are useful only for specific mail servers. Leading email archival applications will utilize multiple methods to support different mail servers and leverage rich archival features for specific mail servers to full data capture and ensure scalability. This document describes the various methods used for data capture and the associated advantages and disadvantages. The methods include: Full MAPI Exchange Transaction Log SMTP Gateway Capture Pull Journaling Push Journaling http://www.compliancehome.com/whitepapers/HIPAA/abstract10957.html Mon, 07 Jul 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10956.html This document outlines the most commonly asked CCO questions and issues, and the responses to them, as compiled by ZL Technologies, after three years of feedback and insight in the email archival space. The data was collected from over 500 companies in regulated industries, including financial and healthcare. Additional information was also gleaned from compliance officers and SEC personnel at various compliance conferences. http://www.compliancehome.com/whitepapers/HIPAA/abstract10956.html Mon, 07 Jul 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10949.html Based on what is working among organizations with the fewest data losses, the IT Policy Compliance Group report identifies several practices that can assist businesses with improving IT compliance results, reduce business downtime, and reduce data loss and theft. These steps include: * Implementing more and appropriate IT controls * Reducing control objectives, making it easier to communicate, measure and report * stablishing higher standards for performance objectives * Encouraging a culture of operational excellence in IT * Conducting monitoring, measurement and reporting of controls against objectives at least once every two weeks * Allocating more spend to controls automation http://www.compliancehome.com/whitepapers/HIPAA/abstract10949.html Tue, 01 Jul 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10952.html The ISO 27001 standard was published in October 2005 as a replacement to the BS7799-22 standard. It is primarily referred to as the Information Security Management System (IISMS) certification standard. Organizations that seek to implement an ISMS are examined against ISO 27001. The objective of this standard is to As with several global standards,the scope of this standard is far reaching, with several sets of control objectives and guidelines.Its fundamental purpose is to act as a compendium of techniques for securing IT environments and thus effectively managing business risk as well as demonstrating regulatory compliance. ISO 27001 is recognized internationally as a structured methodology for information security.A widely-held opinion is that ISO 27001 is an umbrella over other standards (such as PCI, SOX, GLBA, HIPAA and COBIT). Companies that choose to adopt ISO 27001 demonstrate their commitment to high levels of information security,as there are 11 major contro http://www.compliancehome.com/whitepapers/HIPAA/abstract10952.html Mon, 30 Jun 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10951.html This IDC White Paper examines Novell's identity and security management (ISM) solutions and how these integrated offerings can play a key role in enforcing security compliance for enterprise organizations. When properly implemented and deployed, these solutions help companies to: *Avoid violations of government and industry regulations *Avoid the leakage of intellectual property *Drive down the cost of compliance through integration, consolidation, and automation http://www.compliancehome.com/whitepapers/HIPAA/abstract10951.html Thu, 26 Jun 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10947.html The General Services Administration (GSA) has awarded a supply contract to Industrial Safety Solutions for their SafetyPro line of industrial labeling equipment and supplies. This new federal contract will give government and military agencies better access to compliance and safety labeling, which have been proven to reduce accident injuries in the workplace. Safety labeling is required by regulatory agencies such as OSHA, and is viewed as a top priority in mitigating occupational hazards. It is estimated that as many as 70% of all worksites, including government operated worksites, have insufficient or outdated visual hazard identification. http://www.compliancehome.com/whitepapers/HIPAA/abstract10947.html Mon, 23 Jun 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10945.html After fortifying their networks perimeters against the external threats from mysterious computer hackers, enterprises are now focusing their attention on eliminating the recognized inside threats of systems-based fraud, misuse, and errors. Every organization faces the risk of technically capable, application-facing employees and insiders who exercise their knowledge of system rules and procedures to http://www.compliancehome.com/whitepapers/HIPAA/abstract10945.html Mon, 23 Jun 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10944.html How concerned are companies about the content of email leaving their organizations? And how do companies manage the legal and financial risks associated with outbound email? To find out, Proofpoint and Forrester Consulting (a division of leading analyst firm Forrester) conducted an online survey of technology decision makers at 424 large companies - in the US, UK, Germany, France and Australia - during March 2008. This report summarizes the findings of Proofpoint's fifth-annual email security and data loss prevention study, including surprising statistics about how large companies manage the risks associated with outbound email, blog postings, media sharing sites, social networking sites, mobile Internet-connected devices and other electronic communications streams. http://www.compliancehome.com/whitepapers/HIPAA/abstract10944.html Mon, 23 Jun 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10942.html This paper addresses the increased performance needs of a disaster recovery plan, and the common barriers to achieving success. It also addresses the performance gains that can be achieved by combining a F5 WANJet application acceleration solution with Double-Take replication solutions from Double-Take Software. http://www.compliancehome.com/whitepapers/HIPAA/abstract10942.html Mon, 16 Jun 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10939.html In Europe,the level of awareness of I threats is generally very good.Most organisations know how to deal with viruses,spam,key-logging and other Internet threats.IDC believes that the vast majority of organisations are using,at the very least,antivirus or an antispam tools plus additional security features such as VPNs for remote connection backup and recovery for business continuity.However,this provides just basic protection and covers just half the danger. Threats today are agile,silent and very efficient,especially if organisations do not fully understand where the real threat lies.A single question that can help present the current situation is why have there been so few reports of widespread viruses over the past 12 months? Antivirus systems are certainly now quite effective,and the responsiveness and agility of detection systems reacting to large waves of self-reproductive viruses also improved. Furthermore,with the exception of poor security tools management,such as out of date http://www.compliancehome.com/whitepapers/HIPAA/abstract10939.html Wed, 11 Jun 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10933.html With Web 2.0 threats rendering today's most popular firewall technology basically obsolete, firewalls need to step up and tackle their task to protect public-facing assets like web applications. No longer are Web sites attacked only for the purposes of defacing the site to gain credibility among hacking peers, today it's about the money to be made for the bad guys in the distribution of malware and spam, and firewalls must be up to the challenge. Regulations like PCI DSS, the OWASP list of web application vulnerabilities and a recent study by Google confirms the need for web application security. http://www.compliancehome.com/whitepapers/HIPAA/abstract10933.html Wed, 11 Jun 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10932.html Junk postal mail is a nuisance for those who receive it, but it is limited by two important economic factors: a) junk mail costs something to produce and, as a result, b) senders of junk mail must achieve acceptable content-to-customer conversion rates in order to make the sending of their information economically worthwhile. The electronic equivalent of junk postal mail spam however, operates under no such economic constraints. Hundreds of millions of spam messages can be sent for a minimum investment and conversion rates can be extraordinarily low for spammers to turn a sizable profit. In fact, spammers can also The electronic equivalent of junk postal mail spam however, operates under no such economic constraints. Hundreds of millions of spam messages can be sent for a minimum investment and conversion rates can be extraordinarily low for spammers to turn a sizable profit. http://www.compliancehome.com/whitepapers/HIPAA/abstract10932.html Wed, 11 Jun 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10931.html This white paper explains what makes spam such an unbearable problem and how spamming tactics are evolving daily to beat anti-spam software. In the space of two months, spammers have switched from image spam to using PDF, Excel and ZIP file attachments. By using these attachments to send images instead of embedding them in the body of the email message, spammers have taken the cat-and-mouse game with anti-spam software developers to a new level. http://www.compliancehome.com/whitepapers/HIPAA/abstract10931.html Mon, 09 Jun 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10929.html The digital age in healthcare is unfolding with the promise of dramatically improving patient care. Through the use f advanced medical technologiessuch s diagnostic imaging and electronic record keepingproviders can offer better and faster diagnoses, reduce errors and protect vital information. But the promise of this new age is tempered by significant challenges for the IT infrastructure, particularly the data storage and retrieval systems that stand at the heart of he evolution. Digital imagery requires enormous amounts of storage,and demand for this exciting diagnostic tool continues to skyrocket. Medical practitioners need access to his data quickly and reliably in order to make accurate, timely diagnoses. And increasingly, new legal and regulatory environment has evolved, calling for longer retention of and better security over these ever-increasing amounts of patient information. http://www.compliancehome.com/whitepapers/HIPAA/abstract10929.html Thu, 05 Jun 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10925.html Researchers with the Ponemon Institute found hat 595 of 00 85%)) IT executives and security officers indicated their businesses have experienced at least one known occurrence of a data security breach.Moreover,experts estimate between 70%and 80%of data security breaches are due to internal access to sensitive information. These alarming statistics illustrate that efforts to safeguard data must move beyond network security and data masking or encryption which can be circumvented by clever perpetrators on the inside. In fact, the number of data privacy and security breaches continues to be on the rise, despite growing regulations and software solutio ons that aim to prevent the average user from being able to view sensitive data. http://www.compliancehome.com/whitepapers/HIPAA/abstract10925.html Thu, 05 Jun 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10922.html Many production plants are linked to the Internet and utilize standard software, which makes them a potential target for hackers. Siemens is making these systems more secure.Security experts at Siemens Corporate Technology use a model production facility to demonstrate how easy it is to compromise the security of some systems. http://www.compliancehome.com/whitepapers/HIPAA/abstract10922.html Thu, 29 May 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10919.html The increased demands of regulatory compliance are causing corporate business and IT security managers to review their access governance policies and procedures with an eye toward improving the efficiency and reliability of their systems,while reducing the complexity and cost associated with demonstrating compliance.Within many organizations,however,access governance is not viewed as a strategic issue and regulatory compliance is simply regarded as a sunk cost.This narrow perspective can obscure the true value of investing in technologies that strengthen,automate,and streamline access governance,enabling it to be sustainable. http://www.compliancehome.com/whitepapers/HIPAA/abstract10919.html Wed, 28 May 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10917.html Small and medium-sized enterprises can protect websites against application vulnerabilities with simple, easy-to-use, and affordable service. Firewall, Intrusion prevention and Detection System (IDS/IPS) are not enough to protect your Website against todays application vulnerabilities. http://www.compliancehome.com/whitepapers/HIPAA/abstract10917.html Wed, 28 May 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10916.html Since firms are being held to a higher standard of high availability, the challenge for most is to design server and storage systems that are truly continuous and that guard against unplanned downtime. That means high availability, long associated with application/system uptime, is evolving to include the service of data availability. Aberdeen uses two key performance criteria to distinguish Best in Class (BIC) companies that leverage a high availability strategy: the overall ability to recover critical applications within a short window and year-over-year improvement in ability to recover data. http://www.compliancehome.com/whitepapers/HIPAA/abstract10916.html Wed, 28 May 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10915.html To gain some clarity on the data protection market, Aberdeen group has embarked on a survey of end users, in different job roles and across numerous industry sectors, to gain insight into customer's data protection strategies. About 100 customers were surveyed and the results revealed that disaster recovery, business continuance and traditional backup/restore and legal discovery mandates make up the three top drivers behind customers' data protection strategies, while a whopping of 72% of the respondents surveyed cited a http://www.compliancehome.com/whitepapers/HIPAA/abstract10915.html Wed, 28 May 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10913.html Email has become the dominant form of business communication rivaling, if not exceeding,the importance of voice networks.Indeed,email has had such an extraordinary impact that,like the fax and ATM,it s hard to imagine life before its widespread adoption over the last decade.The very power of the medium has also attracted a disturbingly large and growing number of security threats spam,fraud,viruses,regulator y violations and intellectual property theft. The volume and sophistication of email security threats continues to grow at an unchecked pace.Most customers observe that as much as 90 percent of their incoming mail is invalid (spam,viruses,etc),and the total number of incoming messages is doubling ever y year,even if the number of employees stays constant.These email security threats are fueled by a powerful profit motive associated with spam,fraud and information theft.This creates resources that bring professional engineers into the business of developing new threats,fur ther http://www.compliancehome.com/whitepapers/HIPAA/abstract10913.html Wed, 28 May 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10911.html Email and data security solutions are available in different deployment configurations, from hardware and virtual appliances to software. Another option, http://www.compliancehome.com/whitepapers/HIPAA/abstract10911.html Wed, 28 May 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10908.html Remediation of network vulnerabilities before exploits strike is the golden ideal for every organization. Proactive remediation strengthens security by removing the exploitability of assets. This is the safest of all states, and helps to ease traditional reliance as the primary protection against hackers and other network-borne threats.Documentation of regular,ongoing vulnerability remediation is also a common network security requirement of laws and regulations such as PCI, GLBA and HIPAA. http://www.compliancehome.com/whitepapers/HIPAA/abstract10908.html Thu, 22 May 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10906.html Trends in enforcement and the potential of new regulations make a strong case for healthcare provideres to conduct preemptive assessments and audits of Privacy and Security compliance with HIPAA. http://www.compliancehome.com/whitepapers/HIPAA/abstract10906.html Thu, 22 May 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10905.html Court rulings and enforcement activity emphasize importance of compliance. http://www.compliancehome.com/whitepapers/HIPAA/abstract10905.html Thu, 22 May 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10904.html HIPAA rules would have allowed release of information by school personnel to law enforcement http://www.compliancehome.com/whitepapers/HIPAA/abstract10904.html Wed, 14 May 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10900.html Compliance regulations now require that security professionals capture audit records for access to sensitive data stored in databases. There are a number of approaches available and this paper introduces the reader to several options for automating database auditing. http://www.compliancehome.com/whitepapers/HIPAA/abstract10900.html Mon, 05 May 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10897.html Data privacy concerns have skyrocketed in recent years as companies become aware of just how vulnerable they are. The Privacy Rights Clearinghouse estimates that more than 94 million personal records were exposed in security breaches between February 2005 and now. And its not just the Citibanks of the world that were affected.Take the case of the Bisys Group, a New Jersey provider of investment and insurance solutions for financial firms. Personal details about 61,000 hedge fund investorsincluding the Social Security numbers of 35,000 individualswere lost in June when an employees truck carrying backup tapes was stolen. http://www.compliancehome.com/whitepapers/HIPAA/abstract10897.html Mon, 05 May 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10896.html Although roles-based access control (RBAC)has been the subject of much interest in the past,experience with it has been mostly disappointing.The challenge of discovering established roles,defining new roles according to business need,connecting roles properly to the IT infrastructure,ensuring that they meet all compliance requirements,and managing roles through their natural lifecycles has,until now, proved to be too complicated and cumbersome to be practical. However,a new roles-based model of access governance has evolved that overcomes these problems with an approach that provides a bottom-up perspective of roles (the reality of current user access) and connects it to a top-down business perspective (how a role works in conjunction with a business process.)As a result,roles can now be implemented in a manner that both simplifies access control and makes access governance,risk management,and compliance easier. http://www.compliancehome.com/whitepapers/HIPAA/abstract10896.html Fri, 02 May 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10894.html Email and data security solutions are available in different deployment configurations, from hardware and virtual appliances to software. Another option, http://www.compliancehome.com/whitepapers/HIPAA/abstract10894.html Thu, 01 May 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10889.html A survey of 185 IT professionals finds that, although computer and data security are high priorities, they are surprisingly unprepared to prevent data breaches and computer theft. One out of four organizations surveyed had a data breach in the past year. Preventative measures are found to be consistently undermined, with only 1 in 100 employees consistently following security policy. This white paper explores the survey findings. http://www.compliancehome.com/whitepapers/HIPAA/abstract10889.html Thu, 01 May 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10888.html This IDC White Paper examines Novell's identity and security management (ISM) solutions and how these integrated offerings can play a key role in enforcing security compliance for enterprise organizations. When properly implemented and deployed, these solutions help companies to: Avoid violations of government and industry regulations Avoid the leakage of intellectual property Drive down the cost of compliance through integration, consolidation, and automation Strong security and governance programs should be symbiotic in nature. A total identity and access management (IAM)driven governance, risk, and compliance (GRC) solution should ensure foolproof and accurate measurements of policies and practices across the enterprise. This ideally includes creation and life-cycle support for policy and standards development, solid and integrated access and identity administration, security and vulnerability scanning, and audit and remediation capabilities. http://www.compliancehome.com/whitepapers/HIPAA/abstract10888.html Thu, 01 May 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10887.html In order to comply with HIPAA, CEs must have organization-wide policies, procedures, reporting applications, and technologies in place to secure protected information, much of which is communicated electronically through email and FTP. http://www.compliancehome.com/whitepapers/HIPAA/abstract10887.html Thu, 01 May 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10886.html Today's business environment is leading users to demand better, more manageable file transfer methods than the traditional FTP, email, and courier services. Best practices include choosing a secure file transfer solution as a central component of your communication with the outside world - do you know the right questions to ask? Find out how to select the right solution to manage and send files simply and securely. http://www.compliancehome.com/whitepapers/HIPAA/abstract10886.html Thu, 24 Apr 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10882.html Computers and electronics run our infrastructure and our world. Electronic signals support generation, transmission, and distribution of power that keeps our lights on and the water coming out of our taps. They also support the entire global industrial manufacturing infrastructure. They are so ubiquitous that at a recent industry conference, a top cyber agent at the FBI was quoted as saying, http://www.compliancehome.com/whitepapers/HIPAA/abstract10882.html Thu, 24 Apr 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10880.html Driven by increasing regulatory scrutiny and the need to protect key corporate assets such as intellectual property, compliance and issues surrounding data leakage have risen to the top of the list of priorities for today s corporate executive.Federal US legislation such as HIPAA and GLBA,as well as state laws such as California s SB-1386,clearly define acceptable practices with regards to digital information security.In addition,corporate governance rules have mandated strict policies to deal with authorized and unauthorized access,and use of sensitive corporate information by employees,partners and auditors. http://www.compliancehome.com/whitepapers/HIPAA/abstract10880.html Thu, 24 Apr 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10879.html BURNED BY ENRONESQUE ACCOUNTING scandals, investors and governments are imposing rigorous reporting requirements to keep companies on the straight and narrow. These reactions are a symptom of a fundamental force in the economy: a crisis of trust among stakeholders of corporations. Stakeholders are not only a companys shareholders, but also customers, employees, business partners and communities, and in recent years their trust has been profoundly shaken. Naturally, they are now trying to protect themselves, often via legislation.But companies that scramble reactively to implement one-off responses to each new set of compliance regulations wont rebuild stakeholder trusttheyll just spend a lot of money on shortsighted solutions. Companies committed to gaining stakeholder trust, as well as better planning and decision making are, instead, taking an integrated approach to the related issues of governance, risk management, and compliance (GRC). The approachcomprises of people, processes http://www.compliancehome.com/whitepapers/HIPAA/abstract10879.html Wed, 23 Apr 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10878.html This research benchmark provides insight and recommendations for all organizations that are compelled to manage, audit, and report on security-related systems and information for purposes of demonstrating compliance with industry regulations, government regulations, industry standards and best practices, or internal policies. By doing so on a more consistent and repeatable basis, Best-in-Class organizations have demonstrated their ability to lower operational costs, support higher scale, reduce security risks, and maintain consistent policies for security and compliance. http://www.compliancehome.com/whitepapers/HIPAA/abstract10878.html Wed, 23 Apr 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10877.html One of the biggest challenges in continuity planning is identifying and protecting essential elements. An effective plan must be departmentally broad, and consider the needs of the entire enterprise. The goal is to understand what is critical, and to encompass all of the necessary parts (personnel, network, platforms, applications and data) when evaluating the components that support critical processes. Good business continuity planning (BCP) needs to take a broad view, embracing people, human behavior, customers and other factors that lie outside the data center. It is also important to secure the vision (and endorsement) of executive management. Planning for business continuity is similar to buying life insurance. http://www.compliancehome.com/whitepapers/HIPAA/abstract10877.html Wed, 23 Apr 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10876.html The tragic events of September 11th and Hurricane Katrina have raised awareness of business continuity and disaster recovery at all businesses. These are extreme examples of threats against which businesses must be protected, and luckily, these events are rare and isolated. For most businesses the threats that must be protected against are far more mundane, though still devastating: power failures, water main breaks, storms and fires. For this reason, all businesses must make business continuity and disaster recovery (BC/DR) part of day-to-day business planning and operations. There are many facets to successful BC/DR and this issue paper focuses on the high-level issues that small and medium sized business must address when considering BC/DR: policy, a plan and regular audits. http://www.compliancehome.com/whitepapers/HIPAA/abstract10876.html Wed, 23 Apr 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10874.html Based on what is working among organizations with the fewest data losses, the IT Policy Compliance Group report identifies several practices that can assist businesses with improving IT compliance results, reduce business downtime, and reduce data loss and theft. These steps include: * Implementing more and appropriate IT controls * Reducing control objectives, making it easier to communicate, measure and report * Establishing higher standards for performance objectives * Encouraging a culture of operational excellence in IT * Conducting monitoring, measurement and reporting of controls against objectives at least once every two weeks * Allocating more spend to controls automation http://www.compliancehome.com/whitepapers/HIPAA/abstract10874.html Wed, 23 Apr 2008 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract10869.html Make sure you know how to use the right set of code analysis tools to mitigate risks posed by insecure enterprise applications. It has recently become clear that the core threat is to the network, but to the enterprises private data and the applications/business functions that interact with that data. But how does an organization choose the right set of application security tools to mitigate this risk? Equally important: how, when, and by whom are these tools used most effectively? This white paper examines the three most common tools used to combat critical security vulnerabilities, including an at-a-glance summary report card. http://www.compliancehome.com/whitepapers/HIPAA/abstract10869.html