This article is part of an Essential Guide, our editor-selected collection of our best articles, videos and other content on this topic. Explore more in this guide:
5. - Your questions answered: Read more in this section
- Mike Chapple, Enterprise Compliance
- Joseph Granneman, security management
Explore other sections in this guide:
Mike Chapple, Ph. D., CISA, CISSP, is an IT security manager with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Chapple is a frequent contributor to SearchSecurity.com, and serves as its resident expert on enterprise compliance, frameworks and standards for its Ask the Experts panel. He previously served as site expert on network security, is a technical editor for Information Security magazine and the author of several information security titles, including the CISSP Prep Guide and Information Security Illuminated.
See below for Mike's archive of advice on both compliance and network security. To submit a question for Mike, click on the "Ask a Question" tab above.
Do you have a question for our experts?
Contributions from Mike Chapple, Enterprise Compliance
- Does storing tokens instead of card data reduce the PCI burden?
- Tired of onerous compliance regulations? Try descoping
- Understanding of laws, obligations key to data privacy compliance
- Did Target violate PCI DSS with third-party software?
- Does ISO 27001 certification overlap with Safe Harbor compliance?
- How the Windows XP end-of-life date impacts PCI DSS compliance
- How NPP documentation, distribution requirements have changed
- Who should pursue COBIT 5 certification?
- What tightened EU breach notification laws mean for enterprises
- How to meet new pen testing requirements under PCI DSS 3.0
- How to ensure a database complies with PCI regulations
- How SB-46 changes California's breach notification law
- Gaging the compliance risk of running end-of-life software
- PCI DSS review: Nine years later, was it worth it?
- How to avoid IT compliance documentation mistakes
- Do predefined DLP rules prevent compliance violations?
- When corporate devices are returned, wipe personal data
- PCI certification levels: What should a provider have?
- A smarter, programmatic approach to SOX compliance
- How to keep data-classification levels simple