Compliance news, analysis, research, how-to, opinion, and video.

NY regulation aims to raise bank security standards

Next week, New York State will begin a 45-day public comment period on its new financial industry cybersecurity regulation -- and, so far, security experts have a favorable view of the proposal

Plan now for the EU's privacy regulation revolution, says HPE exec

The cost of complying with the European Union's General Data Protection Regulation might seem like something best deferred until it enters force in 2018 -- but working on compliance could boost profit, not reduce it, say some vendors....

How to protect your mission-critical information

A new report by the Information Security Forum (ISF) outlines the steps you can take to determine your mission-critical information assets and create customized plans for protecting them.

5 commonly misunderstood compliance terms

Understanding the terms is critical given the complexity of compliance, and will help you when analyzing the best technology solutions to manage compliance as a whole

NASA CIO allows HPE contract to expire, refuses to sign-off on authority to operate

In the wake of continued security problems, NASA's CIO is sending a no-confidence signal to Hewlett Packard Enterprise, which received a $2.5 billion contract in 2011 to address problems with the agency's outdated and insecure...

Experts challenge Skyhigh's patent for cloud-based encryption gateway

Skyhigh Networks, Inc., announced today that it has received a patent for using a hosted gateway to encrypt and decrypt data moving between users and cloud services such as Office 365, but some experts say that the technology new...

EMV transition involves many moving parts

There's a lot of finger pointing going around about why the transition is going so slowly, but the bottom line, according to experts, is that the United States has a more complicated infrastructure than other countries and the...

Using compliance as a tool for change

Our manager leverages gaps in security compliance to enhance the security program.

Start up your privacy awareness program: posters

Every comprehensive privacy program includes a formal training component. In-person classes, computer-based training and webinars are some of the ways to fill this need. Formal privacy training most often occurs once a year. However,...


Compliance Dictionary aims for a simpler life

With the assistance of machine learning, the UCF's Compliance Dictionary seeks to simplify the process of creating common controls with a lexicon that maps the connection between terms in authority documents.

How to get rid of the digital dust by creating a sustainable device plan

A corporate sustainability program that includes policy, procedure and a plan for recycling technology devices not only benefits the environment, but may also add to your operating bottom line.

PCI DSS 3.2: The evolution continues

The payment card industry security standard continues to “evolve,” in the words of experts, in minimizing the most obvious risks of breaches and fraud. Merchant groups remain critical of what they see as too much of a “blame game”...

SIEM: 14 questions to ask before you buy

Today's SIEM technology boasts more brain power than ever, but many organizations fail to realize its full promise. Here are the key questions you need to ask to ensure the solution you choose will deliver.

Financial services firms struggling with ecommunications

In its sixth annual survey of electronic communications compliance, compliance and ediscovery specialist Smarsh reports that financial services firms are struggling to retain and supervise the growing volume and variety of...

What is the difference between privacy and security?

Understanding the difference between privacy and security will explain why a privacy program is dependent upon a security program, thereby making a cooperative, interdependent relationship between the teams (and the Chief Privacy...

Regulators: cybersecurity poses biggest risk to global financial system

Last week, the chair of the Securities and Exchange Commission called cybersecurity the biggest risk facing the global financial industry. The SEC promises to step up regulation and Swift itself is expected to launch a new cyber...

Retailers must upgrade authentication, encryption and pen testing

The PCI Security Standards Council now requires better authentication, encryption and penetration testing by companies that accept consumer payments, improvements lauded by security expert.

Privacy policy or privacy notice: what's the difference?

Is there a difference between a privacy policy and a privacy notice? Some of the confusion comes from a company’s description of their privacy practices on their website being called a privacy policy. Some people ask, “Isn’t the...
