<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!-- SwishCommand noindex -->
<rss version="2.0">
<channel>
  <title>ComplianceHome: PCI White Papers</title>
  <link>http://www.compliancehome.com/</link>
  <description>ComplianceHome is one of the Web's largest libraries of resources for compliance management of HIPAA, SOX, FISMA, GLBA, FDA, FFIEC, Basel II, OSHA and ISO 27002/17799. Visit our directories which are the best source on White papers, related news articles, resources on the web, training, webinars, conferences, rules &amp; regulation overview, ask the expert, job and search on vendors, solutions &amp; products.</description>
<image>
  <url>http://www.compliancehome.com/images/rsslogo.gif</url>
  <title>ComplianceHome</title>
  <link>http://www.compliancehome.com/</link>
</image>
  <language>en-us</language>
  <item>
    <title>Payment Card Industry Data Security Standard (PCI-DSS) Compliance Using Hitachi ID Management Suite</title>
    <pubDate>Mon, 18 Jul 2011 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract12048.html</link>
    <description>The Payment Card Industry Data Security Standard (PCI-DSS) is a brief, pragmatic and very reasonable set of standards intended to guide financial institutions, retailers and other data processors in protecting data about credit cards and their owners. It is organized into six logical categories: 1. Build and Maintain a Secure Network. 2. Protect Cardholder Data. 3. Maintain a Vulnerability Management Program. 4. Implement Strong Access Control Measures. 5. Regularly Monitor and Test Networks. 6. Maintain an Information Security Policy. PCI-DSS is unique among major regulatory requirements for corporations and government agencies in that it specifically lays out what organizations must do and what they must not do to comply. This makes compliance much more straightforward than regulations such as SOX, HIPAA, etc. which are ambiguous in regards to information security. To fulfill all of the requirements in PCI-DSS, organizations must deploy a combination of sound business practices and v</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract12048.html</guid>
  </item>
  <item>
    <title>Log Management- A pragmatic approach to PCI DSS</title>
    <pubDate>Mon, 18 Jul 2011 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract12037.html</link>
    <description>This white paper will provide an amalgamation of how log management can play a pivotal role in addressing PCI DSS requirements and prove to be a success factor and enabler for safeguarding cardholder transaction data and providing a secure and vulnerability-free environment for cardholders.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract12037.html</guid>
  </item>
  <item>
    <title>10 Tips for a successful PCI DSS compliance project</title>
    <pubDate>Mon, 18 Jul 2011 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract12027.html</link>
    <description>The Payment Card Industry (PCI) Data Security Standard (DSS) was developed to establish minimum security requirements, but there are also best practices that companies can follow to better understand the intent of the Standard, as well as to help provide a smooth implementation. This paper outlines several guidelines on how to achieve a high level of success when performing a PCI DSS compliance project. The tips are not rules, but rather guidelines based on years of industry experience.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract12027.html</guid>
  </item>
  <item>
    <title>Mitigating IT Security Risks with Penetration Tests</title>
    <pubDate>Wed, 20 Oct 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract12000.html</link>
    <description>Penetration Testing should do more than assess the external network for obvious flaws.  Discover how enhancing the penetration testing process will ultimately lead to a stronger and more compliant security posture.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract12000.html</guid>
  </item>
  <item>
    <title>Securing Privilege Delegation in Public and Private Cloud Computing Infrastructure</title>
    <pubDate>Fri, 18 Jun 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11977.html</link>
    <description>This whitepaper discusses the drivers for datacenters moving to the cloud, the role of virtualization in both public and private cloud infrastructures and outlines the security and compliance implications of cloud computing - providing insight into the protection of sensitive data in the cloud via administrative access and privileged delegation.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11977.html</guid>
  </item>
  <item>
    <title>IT Risk Management: Guide to Software Risk Assessments and Audits</title>
    <pubDate>Fri, 18 Jun 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11973.html</link>
    <description>Risk is a function of the likelihood that a given threat-source might exercise a particular potential vulnerability, and the resulting impact of that adverse event on the organization. In IT systems, risk can be introduced from the internet, servers, networks, malicious insiders, and even lapses in physical security. However, the current rate of newly discovered vulnerabilities in software has risen to the top of the agenda for security professionals striving to control their company's overall risk profile. Until now, enterprises have lacked an efficient manner to analyze the security of software as part of their risk management processes. Security testing has been limited to manual analysis by consultants, using internal teams with source code tools or trusting the software supplier to test their own code. None of these approaches scale to cover an enterprise's entire application portfolio and can add significant time and costs to projects. In an effort to combat this growing trend, n</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11973.html</guid>
  </item>
  <item>
    <title>Accelerate Your Response to Security and Compliance Issues</title>
    <pubDate>Mon, 07 Jun 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11970.html</link>
    <description>Looking for a better way to manage security and compliance issues swiftly and with minimum impact to your business? Download this solution brief from RSA, The Security Division of EMC, to learn how organizations are combining the RSA Archer eGRC Suite with the wider RSA and EMC portfolio to automate security and compliance processes, prioritize and streamline incident response, and communicate risk clearly at all levels of the business.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11970.html</guid>
  </item>
  <item>
    <title>PCI DSS Compliance with IBM Power i</title>
    <pubDate>Thu, 27 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11962.html</link>
    <description>How to best comply with PCI-DSS using IBM Power i</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11962.html</guid>
  </item>
  <item>
    <title>Practical Steps to Ensure GCSX Code of Connection Compliance and Beyond</title>
    <pubDate>Mon, 17 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11946.html</link>
    <description>The GCSX Code of Connection is an important step along the journey to provide a secure infrastructure for public sector business. At the time of writing most, if not all, work in local authorities to achieve compliance with the Code of Connection has been completed. In isolation, GCSX Code of Connection compliance may be seen to deliver little extra value back to the organisation, so it is important that a successful implementation be used as a catalyst for an improvement in overall organisational compliance.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11946.html</guid>
  </item>
  <item>
    <title>Meeting PCI-DSS compliance with SIEM</title>
    <pubDate>Mon, 17 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11944.html</link>
    <description>There are many commercially available information security tools on the market, many of which can help with PCI compliance. At a minimum, achieving PCI-DSS requires 4 security solutions. First, a firewall and Intrusion Prevention System (IPS); however, most modern IPS devices include firewall functionality as well. Second, a Database Monitoring system (DAM, or DBM) and/or an Application Monitoring system to monitor, protect, and log all access to sensitive data. Third, a Log Management system to store all logs in a secure manner, for audit purposes. Finally, a Security Information &amp; Event Management system (SIEM) to bring all the required event and asset data together, for incident detection, response, and reporting purposes. This document details the specific product functionality that applies to each of the 12 PCI requirements.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11944.html</guid>
  </item>
  <item>
    <title>Five Challenges to Continuous PCI DSS Compliance</title>
    <pubDate>Mon, 03 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11942.html</link>
    <description>With adoption of the PCI DSS expanding throughout the United States and into Europe, organizations subject to PCI compliance face several key challenges. Learn more about these challenges, how to address them, and how Tripwire IT security and compliance automation solutions can help.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11942.html</guid>
  </item>
  <item>
    <title>Continuous PCI DSS Compliance Can Be Done Easily; Case Study</title>
    <pubDate>Mon, 03 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11941.html</link>
    <description>In this case study, an enterprise-level business processing outsourcer is required to be in continuous compliance with the Payment Card Industry Security Standard (PCI DSS). Its struggle to stay in compliance using antiquated manual processes drove it to seek out a solution that would automate this process. Quickly analyzing and auditing its firewalls, managing its rulebase, and proving to its customers that their data was protected and secure was also critically important. Read on to learn how this organization sustains automated PCI DSS compliance while realizing significant savings in time, money, and people within days using Skybox Security's firewall compliance and analysis solutions.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11941.html</guid>
  </item>
  <item>
    <title>Tired of Rogues - Solutions for Detecting and Eliminating Rogue Wireless Networks</title>
    <pubDate>Mon, 03 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11940.html</link>
    <description>According to Gartner, enterprises that have not deployed wireless are at a higher risk of exposure from rogue wireless devices. Even enterprises that are deploying wireless must tackle the problem of rogue WLANs from employees who do not have wireless access, contractors, auditors, vendors, etc., who bring in their own equipment while operating within the office, or potential espionage traps. This paper provides an overview of the different types of rogue wireless devices (APs, wireless stations, ad hoc networks, soft APs, accidental &amp; malicious associations), risks faced by enterprises due to their proliferation and multiple approaches to detecting and mitigating them.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11940.html</guid>
  </item>
  <item>
    <title>Can Wireless LAN Denial of Service Attacks Be Prevented?</title>
    <pubDate>Mon, 03 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11939.html</link>
    <description>Wireless communications that use a shared Radio Frequency medium are often vulnerable to Denial of Service (DoS) attacks. Wireless DoS attacks can be initiated at the physical or MAC layer and can cripple a WLAN. While intentional DoS attacks cause the most damage, unintentional interference can also be deleterious. Physical layer DoS attacks are caused by RF jammers that prevent WLAN devices from communicating. This paper provides an overview of various WLAN DoS scenarios and available countermeasures to detect and mitigate them.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11939.html</guid>
  </item>
  <item>
    <title>The Need for Wireless IPS in Retail</title>
    <pubDate>Mon, 03 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11938.html</link>
    <description>Firewalls and VPNs are well-established perimeter security solutions. The introduction of wireless technologies has created a new category of entry point circumventing traditional security components. Many recently publicized data breaches in the retail industry have exploited wireless vulnerabilities. Attackers have been able to access sensitive applications and databases regardless of security systems such as firewalls and VPNs. Wireless intrusion prevention is required to thwart wireless attacks and provides the least costly method of adhering to the PCI DSS wireless security requirements. This paper provides a brief overview of some of the most important threats that wireless presents to retail network security and illustrates how traditional defenses such as firewalls and VPNs are just not enough.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11938.html</guid>
  </item>
  <item>
    <title>Wireless Security: Ensuring Compliance with HIPAA, PCI, GLBA, SOX, DoD 8100.2 &amp; Enterprise Policy</title>
    <pubDate>Mon, 03 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11937.html</link>
    <description>Just like wired networks, 802.11 wireless LANs require network policies that are designed, implemented, and enforced to maximize network performance and reduce exposure to the inherent security flaws in 802.11 wireless LANs. The many benefits and expected return on investment of a wireless LAN can be wiped out if a security and management policy is not in place and enforced. This paper is designed to guide network administrators and security managers to design, implement, and enforce wireless LAN security policies that enable every organization to fully reap the benefits of wireless LANs without experiencing undue management pains and security holes. This paper will also cover how organizations can comply with regulatory policies like HIPAA, PCI, GLBA - Safeguards Rule, DoD 8100.2, Sarbanes-Oxley Act etc.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11937.html</guid>
  </item>
  <item>
    <title>PCI: A Component of the E-Commerce Strategy</title>
    <pubDate>Wed, 28 Apr 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11935.html</link>
    <description>E-commerce has provided organizations of all sizes the ability to reach new markets and offer products and services to, in essence, the world. Entrepreneurs, small to medium businesses, charitable groups, and other established organizations may even rely on online transactions as a primary method of revenue. Because of the critical nature of E-commerce, a web hosting solution that provides constant and reliable internet connectivity is often required in order to accommodate transactional requests from the organizations' consumers. E-commerce transactions must be performed in a way that helps build consumer trust by limiting the risk of fraudulent activities as well as ensuring the privacy of consumer information. The reality, however, is that as of 2005, the Privacy Rights Clearinghouse has recorded approximately 345 million breached records in the U.S. alone. Many of these records are listed as credit card numbers or other card holder data which was lost, stolen, or accessed without a</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11935.html</guid>
  </item>
  <item>
    <title>Tripwire Log Center: Next Generation Log and Event Management</title>
    <pubDate>Wed, 21 Apr 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11934.html</link>
    <description>A decade or more ago, logs of events recorded by firewalls, intrusion detection systems and other network devices were considered more of a nuisance than a help. There were too many of them, they weren't easily collected, and there was no easy way to make sense of which were important. When network administrators had log recording turned on, they were lost in a sea of data, and would have to sift through it all in an attempt at analyzing suspicious activities.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11934.html</guid>
  </item>
  <item>
    <title>Windows Log Monitoring: Best Practices for Security and PCI Compliance</title>
    <pubDate>Wed, 21 Apr 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11933.html</link>
    <description>Log Monitoring is vital to an effective information security program. Windows Log Monitoring: Best Practices for Security and PCI Compliance is designed to provide you with greater insight into the Windows logs that need to be collected for security and compliance purposes, and how to properly configure your Windows system to log this information. This document is the result of extensive research into the generally accepted best practices for Windows log monitoring performed in conjunction with SecureWorks' team of PCI Qualified Security Assessors and recognized Windows expert Randy Smith, founder of the Monterey Technology Group and author of Ultimate Windows Security.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11933.html</guid>
  </item>
  <item>
    <title>Five Challenges to Continuous PCI DSS Compliance</title>
    <pubDate>Wed, 21 Apr 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11932.html</link>
    <description>As the Payment Card Industry Data Security Standard (PCI DSS, or PCI) becomes more widely adopted, organizations all over the United States and Europe face five major challenges when navigating the PCI compliance landscape: misunderstanding what the term PCI compliance means in a given context; treating PCI compliance as an audit process rather than a private industry standard; scoping PCI compliance too broadly; treating PCI compliance as a single-point-in-time, rather than ongoing, activity; and failing to use automated tools to generate evidence of continuous compliance. Read this white paper to learn about these challenges in-depth, along with their implications. It also provides a plan of action that organizations subject to PCI can take to address PCI DSS compliance needs.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11932.html</guid>
  </item>
  <item>
    <title>PCI Compliance: Are UK Businesses Ready?</title>
    <pubDate>Tue, 13 Apr 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11929.html</link>
    <description>Effective September 30, 2010, the Payment Card Industry Data Security Standard (PCI DSS) will apply to organizations in the UK; specifically, Level 1 merchants must be validated as PCI DSS compliant. Recent research undertaken in the UK by Redshift Research on behalf of Tripwire reveals that with just months to go before the compliance validation deadline, only 12 percent of UK organizations that handle credit card data currently have been audited and certified PCI compliant. Read this white paper to learn more about the requirements of PCI DSS compliance and how your organization should be preparing for September 30th.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11929.html</guid>
  </item>
  <item>
    <title>Large Health Care Provider Automates HIPAA and PCI Compliance with nCircle Solutions</title>
    <pubDate>Tue, 13 Apr 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11926.html</link>
    <description>The Health Insurance Profitability and Accountability Act (HIPAA) and Payment Card Industry (PCI) regulations are top priorities at Aurora Health Care, and significant time and resources are required to audit and document IT and security policy compliance. Both industry regulations require organizations to secure important systems on their network, those systems containing patient information for HIPAA and those relating to credit card processing for PCI. In this case study, learn how Aurora automated the auditing of their network and systems, documented compliance status and proved due diligence to their auditors.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11926.html</guid>
  </item>
  <item>
    <title>25 Best Practices for Managing User Access to Desktops, Networks, and Applications to Ensure Regulatory Compliance</title>
    <pubDate>Fri, 09 Apr 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11924.html</link>
    <description>For more than a decade, government and industry bodies around the world have issued a growing number of regulations designed -- in whole or in part -- to ensure the security, integrity and confidentiality of personal and corporate data. These mandates span a range of industries, from financial institutions to healthcare providers to utilities firms to retailers and beyond. Regulations are often mandatory and compliance must be verifiable. In many cases, organizations and their company officers found to be noncompliant may be subject to fines or legal action, in addition to facing exposure to risks associated with internal data breaches.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11924.html</guid>
  </item>
  <item>
    <title>The New Gold Standard for Privileged Account Management</title>
    <pubDate>Fri, 09 Apr 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11923.html</link>
    <description>Controlling the inherent limitations in the all-or-nothing administrator role, as super user in standard Unix, Linux and as local administrator in Windows servers, has created a market for privileged account management solutions. However, adding policy-driven privileged account protection to control session changes or privileged command execution using SUDO have been technical band-aids to overcome the architectural weaknesses of the operating systems. In addition to still utilizing privileged passwords, albeit in a more controlled fashion, these technical band-aids also fail to control the root user from opening, changing and deleting pre-defined files and directories, making it difficult for organizations to achieve compliance with the latest PCI and HIPAA-2 regulations.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11923.html</guid>
  </item>
  <item>
    <title>PCI: Using Microsoft Active Directory to Address PCI Requirements in Heterogeneous Environments</title>
    <pubDate>Fri, 09 Apr 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11922.html</link>
    <description>This white paper examines the compelling business and technical case for centralizing administration in Microsoft's Active Directory, using Centrify's DirectControl to extend Active Directory authentication and access control to your UNIX, Linux and Mac OS systems and applications, and using Centrify's DirectAudit to log user activity to provide you a clear picture of end user actions on all UNIX and Linux systems. Combined, Active Directory, DirectControl and DirectAudit provide a comprehensive solution to address specific PCI DSS requirements.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11922.html</guid>
  </item>
  <item>
    <title>Automating PCI Compliance with Application Whitelisting</title>
    <pubDate>Fri, 09 Apr 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11921.html</link>
    <description>Today, compliance is synonymous with IT security, which is becoming less about reaction and more about prevention. With expanding IT threats, Cyber Security initiatives and PCI compliance standards, system-wide visibility has become a function of control in well-managed networks. Application Whitelisting is an approved security solution for demonstrating PCI compliance and Gartner advises it should be</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11921.html</guid>
  </item>
  <item>
    <title>Complying With PCI DSS:  A Sound Simple Approach</title>
    <pubDate>Fri, 09 Apr 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11919.html</link>
    <description>The PCI requirement of onsite audits by a third party and annual self-assessments of large to mid transaction processing merchants is in its fifth year. Habitual PCI compliance practices are in place and companies are getting better at checking the PCI box. Some habits include ongoing self-assessments to ensure PCI readiness. Research from the IT Policy Compliance Group has shown that companies required to comply with multiple regulations and who continually practice ongoing self-assessments, not only meet compliance of those regulations, but have higher customer satisfaction and increased revenues. In addition to ongoing self-assessments, companies are taking a top down approach to compliance by understanding their organizational policies and mapping them to standards and regulations in order to choose the best security controls to put in place. This top down approach leverages existing technology by helping companies to understand what controls will work best to comply with multiple </description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11919.html</guid>
  </item>
  <item>
    <title>Network Approach to compliance</title>
    <pubDate>Fri, 09 Apr 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11916.html</link>
    <description>Avoid the common mistake enterprises make in their compliance efforts. Are your compliance projects focused on passing an audit? You may successfully complete your IT projects, address the regulation, and pass the audit. But a check box approach to compliance may not save you from the damage of a security breach. The most effective compliance strategy is to focus on the key elements for a properly secured network. With a network approach to compliance, IT ends up with a well-managed enterprise infrastructure, not just a series of checked boxes for a particular audit. Learn how to leverage tools and resources, increase staff efficiency and save compliance cost.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11916.html</guid>
  </item>
  <item>
    <title>Privilege Made Simple: Privilege Identity Management (PIM) Demystified</title>
    <pubDate>Fri, 09 Apr 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11915.html</link>
    <description>In an effort to improve business security, compliance and productivity, privilege authorization policies must be redesigned and user permissions more granularly managed. Read this white paper for a discussion on how your enterprise can empower IT to eliminate the risk of intentional, accidental and indirect misuse of privileges on desktops and servers using globally proven Privilege Identity Management (PIM) solutions that increase security and compliance without impacting productivity.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11915.html</guid>
  </item>
  <item>
    <title>Network Approach to compliance</title>
    <pubDate>Wed, 31 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11911.html</link>
    <description>Avoid the common mistake enterprises make in their compliance efforts. Are your compliance projects focused on passing an audit? You may successfully complete your IT projects, address the regulation, and pass the audit. But a check box approach to compliance may not save you from the damage of a security breach. The most effective compliance strategy is to focus on the key elements for a properly secured network. With a network approach to compliance, IT ends up with a well-managed enterprise infrastructure, not just a series of checked boxes for a particular audit. Learn how to leverage tools and resources, increase staff efficiency and save compliance cost.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11911.html</guid>
  </item>
  <item>
    <title>Best Practices for Healthcare: A Risk Management Approach to HITECH</title>
    <pubDate>Wed, 31 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11909.html</link>
    <description>Symantec is Healthcare! Your patients trust you with their lives, let them also trust you with their data. Symantec provides products and services to reduce the challenges Healthcare Providers are having in Storing, Securing and Sharing protected health information in support of the US Government's definition of meaningful use. Symantec's Security and Compliance solution will reduce the risk associated with breaches of Protected Health Information (PHI), proactively protect PHI, train all employees on the proper handling of PHI, per HIPAA and The Joint Commission requirements. Symantec's compliance solution will reduce the organization's overall resources required to comply with the various industry regulations like HIPAA, HITECH, PCI and The Joint Commission.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11909.html</guid>
  </item>
  <item>
    <title>Data Protection</title>
    <pubDate>Tue, 23 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11899.html</link>
    <description>A new privacy regulation in Massachusetts has evoked anxiety for many, but the requirements, which have been referred to as the strictest in the nation, may prove to be no big deal. The legislation differs from other state disclosure bills because it insists that organizations take measures to protect information, as opposed to other guidelines that only require companies alert customers should their data be compromised. A number of experts we spoke with for this ebook say that for companies already in line with PCI or HIPAA, tweaking their security practices should not be a burden.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11899.html</guid>
  </item>
  <item>
    <title>Automating and Simplifying HIPAA Security Rule Compliance</title>
    <pubDate>Tue, 23 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11898.html</link>
    <description>The goal of the HIPAA Security Rule is to ensure the protection of electronic healthcare information that may be at risk. However, many healthcare organizations struggle to perform the tasks required for HIPAA compliance, especially if many of those tasks are manual. What's needed is a solution to automate and simplify HIPAA Security Rule compliance; one that can reduce manual efforts and produce consistent results. Download this guide to see how nCircle can help automate and simplify HIPAA compliance.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11898.html</guid>
  </item>
  <item>
    <title>Vulnerability management, file integrity monitoring and configuration auditing solutions for PCI</title>
    <pubDate>Tue, 23 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11897.html</link>
    <description>The PCI Data Security Standard (DSS) is one of the most prescriptive standards for any industry and includes very specific requirements for securing the payment network. Payment card network members who find themselves out of compliance with PCI DSS can face stiff penalties and ultimately loss of business. Download this guide to learn how nCircle can help automate many tasks required for PCI compliance, at a much lower cost than previous methods.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11897.html</guid>
  </item>
  <item>
    <title>How Can Security Management Technologies Help Me with PCI Compliance?</title>
    <pubDate>Mon, 15 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11884.html</link>
    <description>PCI Compliance has become a business requirement for any company involved in processing credit card information. It requires strong security controls over all systems and applications that process or store cardholder information. These controls serve to enforce access rights to all confidential information, and to identify and remediate areas of potential exposure of customer credit card information. PCI Compliance requires comprehensive security across a range of systems and applications. CA Security Management solutions enable you to create strong security controls to help achieve PCI compliance. Access to all cardholder information is strongly controlled and audited, applications are protected against attacks, and areas of exposure risk are detected and remediated effectively. CA Security Management is an excellent foundation for a comprehensive PCI compliance program. Read this paper to learn more.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11884.html</guid>
  </item>
  <item>
    <title>Top 10 Steps to Protecting Your Organization's Privacy Data</title>
    <pubDate>Mon, 15 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11882.html</link>
    <description>With numerous news stories detailing public data breaches that have led to sensitive data getting released on websites, stolen as part of a laptop theft, or even released accidentally over an email or instant message, organizations are increasingly under pressure to protect privacy data. Over the last few years, this challenge has been compounded by increasing compliance regulations that can mean fines or even jail time if privacy data is mishandled. In California and other states that have enacted similar laws, organizations are now forced to publicly disclose if computerized data files have been compromised by unauthorized access that might open up the risk for identity theft. Privacy data leaks can impact an organization's brand and public reputation, not to mention put its customers, employees and partners at serious risk. This white paper presents the top ten regulatory compliance requirements to consider when selecting a privacy data protection solution.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11882.html</guid>
  </item>
  <item>
    <title>Six Ways to Reduce PCI DSS Audit Scope by Tokenizing Cardholder Data</title>
    <pubDate>Tue, 09 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11878.html</link>
    <description>ABSTRACT: Enterprises are seeking ways to simplify and reduce the scope of the Payment Card Industry's Data Security Standard (PCI DSS) compliance by shrinking the footprint where cardholder data is located throughout their organization. By reducing the scope, these enterprises can dramatically lower the cost and anxiety of PCI DSS compliance and significantly increase the chance of audit success. Compliance with the PCI DSS is a combination of documented best practices and technology solutions that protect cardholder data across the enterprise. This paper explores the use of tokenization as a best practice in improving the security of credit card transactions, while at the same time minimizing the cost and complexity of PCI DSS compliance by reducing audit scope.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11878.html</guid>
  </item>
  <item>
    <title>Five Ways to Reduce Your Audit Tax</title>
    <pubDate>Tue, 02 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11873.html</link>
    <description>Taxes are certainly not fun, but there is something worse: an audit. Combine the two in a risk and compliance scenario and you have the onerous</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11873.html</guid>
  </item>
  <item>
    <title>Quest Solutions for PCI Compliance</title>
    <pubDate>Tue, 02 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11872.html</link>
    <description>In order to standardize security for the payment card industry, all providers must comply with the Payment Card Industry Data Security Standard (PCI-DSS). Unfortunately, many merchants aren't in compliance! What does this mean for them - and you? Fines, lost business and a shaky reputation with your customers. In this new Quest Software white paper, learn about each and every PCI-DSS requirement - and the solution you need to address them. Whether for Windows, Exchange or even UNIX systems, discover the tools and controls to quickly and easily comply with PCI-DSS. Read it today.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11872.html</guid>
  </item>
  <item>
    <title>Demystifying IT Risk to Achieve Greater Security and Compliance</title>
    <pubDate>Tue, 02 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11871.html</link>
    <description>Managing IT risk is part of running any business these days. Regardless of what business you're in, understanding IT risk can help you increase network security, reduce management costs and achieve greater compliance. Corporate leaders who fail to identify, assess and mitigate IT risk are setting themselves up for serious security breaches and financial losses down the road. And those leaders who think that managing IT risk is the job solely of the IT staff may be in for a big shock. Read this paper to learn how to effectively assess IT risk and manage compliance.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11871.html</guid>
  </item>
  <item>
    <title>Top 5 PCI DSS Ambiguities and How to Overcome Them</title>
    <pubDate>Tue, 02 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11869.html</link>
    <description>By design, the Payment Card Industry Data Security Standard (PCI DSS) strives to provide merchants with a high level of technical detail so that organizations know when they're</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11869.html</guid>
  </item>
  <item>
    <title>Avoiding PCI Non Compliance</title>
    <pubDate>Wed, 24 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11868.html</link>
    <description>For many organisations' Chief Information Officers and Chief Security Officers, the Payment Card Industry Data Security Standard (PCI DSS) was going to spell the end of the road for criminals who were cashing in on the supposedly easy target of credit card theft - and its subsequent fraudulent use of their customers' data. The theory being, it would be harder to obtain the cardholder data in the first place due to the more robust and standardised approach to data security (under the new PCI DSS regime). Unfortunately, as we have seen, many companies are still struggling to demonstrate compliance, with costs associated with meeting PCI requirements spiralling out of control. And despite the pressure of fines being imposed, organisations continue to struggle with PCI DSS compliance, and worse still some organisations that have achieved PCI DSS compliance are still suffering from costly and embarrassing data losses / breaches, e.g. TJ MAXX, Hannaford Brothers.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11868.html</guid>
  </item>
  <item>
    <title>Using Microsoft Active Directory to Address Payment Card Industry (PCI) Data Security Standard Requirements in Heterogeneous Environments</title>
    <pubDate>Wed, 24 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11867.html</link>
    <description>The Security Standards Council of the Payment Card Industry (PCI) owns and maintains the Data Security Standard (DSS), which is a rigorous set of requirements that all merchants, payment processors, point-of-sale vendors, and financial institutions must follow. The stiff penalties defined by PCI members are designed to ensure that all merchants and service providers work to maintain consumer trust of payment cards since that loss would impact the revenues of all merchants and financial institutions. This white paper examines the compelling business and technical case for centralizing administration in Microsoft's Active Directory, using Centrify's DirectControl to extend Active Directory authentication and access control to your UNIX, Linux and Mac OS systems and applications, and using Centrify's DirectAudit to log user activity to provide you a clear picture of end user actions on all UNIX and Linux systems. Combined, Active Directory, DirectControl and DirectAudit provide a comprehe</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11867.html</guid>
  </item>
  <item>
    <title>For PCI, The Future is Now</title>
    <pubDate>Wed, 24 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11864.html</link>
    <description>As the PCI DSS and its sister standards continue to evolve and gain momentum, organizations will have to bake compliance into their everyday operations in order to eliminate fire drills, contain costs, keep current customers and attract new ones. It has been more than five years since the heavyweights in the payment card industry banded together to develop common standards to protect users from fraud. Since then, the standards have gone global, expanding beyond merchants to include their application providers as well, and becoming more prescriptive. In this whitepaper you will learn how to stay continuously compliant using automation to develop and maintain a known secure state for your infrastructure.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11864.html</guid>
  </item>
  <item>
    <title>Escaping PCI purgatory</title>
    <pubDate>Wed, 24 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11863.html</link>
    <description>PCI compliance is a challenge for midsize and large companies alike, as there are four phases to meeting the PCI DSS requirements: assessment, remediation, compliance and maintenance. Read this white paper as IBM reveals five key 'sticking points' organizations have been facing on the path to PCI DSS compliance.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11863.html</guid>
  </item>
  <item>
    <title>Hubspan Security and PCI Compliance White Paper</title>
    <pubDate>Sun, 14 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11858.html</link>
    <description>The Payment Card Industry (PCI) Security Standards Council is an open global forum launched in 2006 with a mission to enhance payment account data security. Founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, Inc., the organization developed and governs a series of PCI Security Standards. Those compliance standards include: Data Security Standard (DSS), Payment Application Data Security Standard (PA-DSS), and Pin-Entry Device (PED) Requirements. All five founding members have incorporated the PCI DSS as the technical requirements for their own data security compliance programs. PCI compliance is a complex and ever evolving subject affecting millions of businesses.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11858.html</guid>
  </item>
  <item>
    <title>For PCI, the Future is Now: How to comply with the global standard without breaking the bank</title>
    <pubDate>Sun, 14 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11857.html</link>
    <description>It has been more than five years since the heavyweights in the payment card industry banded together to develop common standards to protect users from fraud. Since then, the standards have gone global, expanding beyond merchants to include their application providers as well, and becoming more prescriptive. As the PCI DSS and its sister standards continue to evolve and gain momentum, organizations will have to bake compliance into their everyday operations in order to eliminate fire drills, contain costs, keep current customers, and attract new ones.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11857.html</guid>
  </item>
  <item>
    <title>Meeting Vulnerability Scanning Requirements for PCI</title>
    <pubDate>Sun, 14 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11856.html</link>
    <description>The credit card industry is stepping up efforts to strengthen cardholder data security by raising member validation requirements for compliance with the Payment Card Industry Data Security Standard (PCI-DSS). As part of these requirements, both internal and external network scanning play a critical role in achieving compliance. This security guide describes the scanning requirements for PCI-DSS and provides a quick-reference requirements matrix for both Merchants and Service Providers of all levels.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11856.html</guid>
  </item>
  <item>
    <title>Winning the PCI Compliance Battle</title>
    <pubDate>Sun, 14 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11855.html</link>
    <description>A Guide for Merchants and Member Service Providers. This white paper reviews the basics of PCI, including who must comply, compliance requirements, validation requirements and penalties. It also examines key things to look for when selecting a PCI network testing service and introduces QualysGuard PCI. Topics in this white paper include: * Compliance Requirements of the PCI Data Security Standard * Participation and Validation Requirements * Selecting a PCI Network Security Testing Service * Automating the PCI Validation Process with QualysGuard PCI</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11855.html</guid>
  </item>
  <item>
    <title>PCI Compliance for Dummies</title>
    <pubDate>Sun, 14 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11854.html</link>
    <description>Complying with the PCI Data Security Standard may seem like a daunting task for merchants. This book is a quick guide to understanding how to protect cardholder data and comply with the requirements of PCI - from surveying the standard's requirements to detailing steps for verifying compliance. PCI Compliance for Dummies arms you with the facts, in plain English, and shows you how to achieve PCI Compliance. In this book you will discover: * What the Payment Card Industry Data Security Standard (PCI DSS) is all about * The 12 Requirements of the PCI Standard * How to comply with PCI * 10 Best-Practices for PCI Compliance * How QualysGuard PCI simplifies PCI compliance</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11854.html</guid>
  </item>
</channel>
</rss>
