Compliance
Compliance-related resources to help firms comply with Sarbanes-Oxley (Sarbox), the Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley (GLB), and other government mandates.
Avoiding IT Audit Nightmares
How IT Can Achieve Operational Resiliency
Tue, April 30, 2013 - Today's complex IT environments make maintaining 'always on' availability more challenging than ever before, even as IT has become central to most business operations. IDC's David Tapper says organizations must adopt a plan for achieving operational resiliency.
Compliance vs. Risk in Enterprise Security
Mon, April 22, 2013 - A CIO once quipped, "Security isn't hard, compliance is." And in fact many companies focus their security efforts on meeting compliance requirements. But if you are audit compliant, have you in fact addressed all of your risks, or are you just kidding yourself? Is it better to focus on the risks presuming that doing so will cover you off on the compliance side? Network World Editor in Chief put the question to two practitioners, both of whom come down on the side of risk.
Straight Talk on Security Gets Employees to Listen -- and Comply
Mon, March 25, 2013 - From phishing your own employees to sharing your company's hack history, these techniques can help you get -- and keep -- users' attention about security.
How to Downgrade From Windows 8 (Hint: The First Step Is to Know Your Rights)
Thu, March 14, 2013 - For a variety of reasons, some businesses are looking to downgrade from Windows 8 to Windows 7. The good news is that Microsoft's business licenses come with downgrade rights, but the catch is that the rules can be tricky and compliance could become an issue. Here are some clarifications on your rights when downgrading from Windows 8 or standardizing on noncurrent Microsoft software.
IT Security Managers Too Focused on Compliance, Experts Say
Fri, March 01, 2013 - Companies with IT security strategies that focus mostly on complying with key standards are dangerously unprepared for emerging cyber threats, said security experts at the RSA Conference 2013 here this week.
Is Stolen IP Walking in the Door With New Employees?
Fri, February 08, 2013 - More than half of employees who left or lost their jobs in the past 12 months took confidential corporate data with them and most plan to use it in their new jobs, creating the potential for IP contamination. How can you protect your IP?
PCI Council Releases Guidelines for Cloud Compliance
Thu, February 07, 2013 - A new set of guidelines from the PCI Security Standards Council is intended to help merchants and cloud services providers comply with the PCI DSS when handling payment card data on the web.
Startup Service Targets Electronic Workplace Compliance, Training
Tue, January 29, 2013 - Startup Convercent officially debuted today with a software-as-a-service (SaaS) offering that lets employers make available to employees in electronic form, via computer or mobile device, the workplace ethics and compliance terms the business supports.
EMC Offers Online File Sharing With On-Premise Storage Product
Tue, January 15, 2013 - EMC is building on its acquisition of the Syncplicity file-sharing and collaboration service by combining it with its Isilon scale-out NAS to provide the enterprise what the storage giant claims provides the convenience of a cloud-based file-sharing service with the administrative and governance capabilities of an on-premise solution.
How IT Departments Can Prepare for a Software License Audit
Fri, December 07, 2012 - As revenue for new software licenses is down, software vendors are focusing more on licensing audits to recover some of that lost income. Here's a look at some of the steps a corporate IT organization can take before the auditors arrive to maintain compliance and limit potential damage.
Employees Engage in Rogue Cloud Use Regardless of Security Policies
Tue, November 13, 2012 - Studies show that employees are engaging in rogue use of the cloud, even when IT organizations say they have clear formal cloud policies and penalties for violation of the policies.
How IT Can Prepare for Mobile Forensic Investigations
Tue, October 16, 2012 - If your IT security team must comply with regulations like PCI-DSS or HIPAA, you need to know who accesses your data and what they do with it, even if they're using a mobile device to do it. But performing forensic investigations on mobile devices is trickier than it is on PCs.
Dell Expands Private Cloud Offerings
Thu, August 23, 2012 - Dell on Thursday said it will offer dedicated servers in its data centers and off-premises application and storage services for companies looking to establish private clouds.
How to Secure Data by Addressing the Human Element
Wed, August 15, 2012 - Your sensitive data is only as secure as the weakest link in your organization, and in many cases the weak link is your employees. A properly established security awareness and training program can pay huge dividends.


