Compliance

Compliance news, analysis, research, how-to, opinion, and video.

EMV transition involves many moving parts

There's a lot of finger pointing going around about why the transition is going so slowly, but the bottom line, according to experts, is that the United States has a more complicated infrastructure than other countries and the...

Using compliance as a tool for change

Our manager leverages gaps in security compliance to enhance the security program.

Start up your privacy awareness program: posters

Every comprehensive privacy program includes a formal training component. In-person classes, computer-based training and webinars are some of the ways to fill this need. Formal privacy training most often occurs once a year. However,...

Compliance Dictionary aims for a simpler life

With the assistance of machine learning, the UCF's Compliance Dictionary seeks to simplify the process of creating common controls with a lexicon that maps the connection between terms in authority documents.

How to get rid of the digital dust by creating a sustainable device plan

A corporate sustainability program that includes policy, procedure and a plan for recycling technology devices not only benefits the environment, but may also add to your operating bottom line.

PCI DSS 3.2: The evolution continues

The payment card industry security standard continues to “evolve,” in the words of experts, in minimizing the most obvious risks of breaches and fraud. Merchant groups remain critical of what they see as too much of a “blame game”...

SIEM: 14 questions to ask before you buy

Today's SIEM technology boasts more brain power than ever, but many organizations fail to realize its full promise. Here are the key questions you need to ask to ensure the solution you choose will deliver.

Financial services firms struggling with ecommunications

In its sixth annual survey of electronic communications compliance, compliance and ediscovery specialist Smarsh reports that financial services firms are struggling to retain and supervise the growing volume and variety of...

What is the difference between privacy and security?

Understanding the difference between privacy and security will explain why a privacy program is dependent upon a security program, thereby making a cooperative, interdependent relationship between the teams (and the Chief Privacy...

Regulators: cybersecurity poses biggest risk to global financial system

Last week, the chair of the Securities and Exchange Commission called cybersecurity the biggest risk facing the global financial industry. The SEC promises to step up regulation and Swift itself is expected to launch a new cyber...

Retailers must upgrade authentication, encryption and pen testing

The PCI Security Standards Council now requires better authentication, encryption and penetration testing by companies that accept consumer payments, improvements lauded by security expert.

Privacy policy or privacy notice: what's the difference?

Is there a difference between a privacy policy and a privacy notice? Some of the confusion comes from a company’s description of their privacy practices on their website being called a privacy policy. Some people ask, “Isn’t the...

How compliance can be an excuse to shun the cloud

Companies in heavily regulated industries say they can't embrace the cloud due to compliance. That's just an excuse.

Is outsourcing IT worth the compliance risk?

While the feds have certainly put hurdles in place to prevent abuse, outsourcing IT in a highly regulated industry like banking may very well lead to higher standards and quality outcomes.

Report: Federal agencies still fighting the last war

Federal government agencies are still fighting the last cybersecurity war, the one where computer networks had a strong, defensible perimeter, according to a new report by 451 Research.

In pursuit of HIPAA, a new compliance gap arises

Meeting requirements can be exhausting, but the business payoff can make it all worthwhile.

Firms expect greater government cybersecurity oversight

The U.S. Senate recently proposed a cybersecurity disclosure bill that would require public companies to describe what cybersecurity expertise their boards have, or, if they don't have any, what steps the companies are taking to get...

Report: Compliance biggest driver of encryption

The biggest driver of encryption technology is the need to comply with privacy or data security regulations, according to a new report.
