Compliance-related resources to help firms comply with Sarbanes-Oxley (Sarbox), the Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley (GLB), and other government mandates.
Mon, November 18, 2013 - Ever the risk-averse industry, healthcare is finally beginning to trust cloud for the storage of protected health information. Experts credit better cloud security, dropping costs and the growing need for disparate organizations to share information. What's more, this only appears to be the tip of the healthcare cloud iceberg.
Mon, October 21, 2013 - If you are an information security professional whose organization handles credit card information, then unless you have been living under a rock since PCI DSS was first introduced in 2004, PCI compliance is a fact of life. Many love to bash the standard as the "low bar" for security, but when it comes to "Requirement 1: Install and maintain a firewall configuration to protect cardholder data," special attention to these five components (out of 21 outlined in Requirement 1) will set a high, sustainable standard (yes, really!) for both security and PCI compliance.
Tue, September 17, 2013 - IT, security and compliance experts discuss the biggest issues facing companies these days -- and what steps organizations can take to minimize potential regulatory compliance risks and security threats.
Mon, July 01, 2013 - The U.S. government is giving the healthcare industry billions of dollars in incentives to use electronic health records. Most organizations have EHR software in place, but as many as 35 percent wish they could switch systems. Are EHR vendors to blame, or are deeper forces at work?
Mon, June 17, 2013 - Companies can significantly decrease the cost of data breaches by teaching employees not to cut corners and by adopting a strong security posture and an incident response plan.
Fri, May 31, 2013 - With technology now at the center of nearly all business processes, information security is no longer simply an operational concern. It deserves a place on the board's strategic agenda. And that means the CISO needs to step up in the boardroom.
Mon, May 20, 2013 - IT's problems can draw unwanted notice now that Sarbanes-Oxley requires them to appear in 10-K reports as 'material weaknesses.'
Tue, April 30, 2013 - Today's complex IT environments make maintaining 'always on' availability more challenging than ever before, even as IT has become central to most business operations. IDC's David Tapper says organizations must adopt a plan for achieving operational resiliency.
Mon, April 22, 2013 - A CIO once quipped, "Security isn't hard, compliance is." And in fact many companies focus their security efforts on meeting compliance requirements. But if you are audit compliant, have you in fact addressed all of your risks, or are you just kidding yourself? Is it better to focus on the risks presuming that doing so will cover you off on the compliance side? Network World Editor in Chief put the question to two practitioners, both of whom come down on the side of risk.
Mon, March 25, 2013 - From phishing your own employees to sharing your company's hack history, these techniques can help you get -- and keep -- users' attention about security.
Thu, March 14, 2013 - For a variety of reasons, some businesses are looking to downgrade from Windows 8 to Windows 7. The good news is that Microsoft's business licenses come with downgrade rights, but the catch is that the rules can be tricky and compliance could become an issue. Here are some clarifications on your rights when downgrading from Windows 8 or standardizing on noncurrent Microsoft software.
Fri, March 01, 2013 - Companies with IT security strategies that focus mostly on complying with key standards are dangerously unprepared for emerging cyber threats, said security experts at the RSA Conference 2013 here this week.
Fri, February 08, 2013 - More than half of employees who left or lost their jobs in the past 12 months took confidential corporate data with them and most plan to use it in their new jobs, creating the potential for IP contamination. How can you protect your IP?
Thu, February 07, 2013 - A new set of guidelines from the PCI Security Standards Council is intended to help merchants and cloud services providers comply with the PCI DSS when handling payment card data on the web.