This article is part of an Essential Guide, our editor-selected collection of our best articles, videos and other content on this topic. Explore more in this guide:
5. - Your questions answered: Read more in this section
- Mike Chapple, Enterprise Compliance
- Joseph Granneman, security management
Explore other sections in this guide:
Mike Chapple, Ph. D., CISA, CISSP, is an IT security manager with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Chapple is a frequent contributor to SearchSecurity.com, and serves as its resident expert on enterprise compliance, frameworks and standards for its Ask the Experts panel. He previously served as site expert on network security, is a technical editor for Information Security magazine and the author of several information security titles, including the CISSP Prep Guide and Information Security Illuminated.
See below for Mike's archive of advice on both compliance and network security. To submit a question for Mike, click on the "Ask a Question" tab above.
Do you have a question for our experts?
Contributions from Mike Chapple, Enterprise Compliance
- Is HITRUST C-TAS the new compliance mandate?
- Reduce PCI scope with credit card tokenization
- Validating the PCI DSS scope of compliance
- Validation requirements for PCI DSS-covered merchants
- How to outsource PCI compliance to a cloud provider
- Using ISO 27002 as a guide for security management
- Submitting an ROC via a PCI assessment provider
- Cryptosystem regulatory compliance requirements
- How to choose a PCI employee training program
- Getting C-level support for ongoing PCI compliance
- Complying with new NIST incident response guidelines
- How to remediate common IT audit findings
- Data center virtualization and the cost of compliance
- Web application firewalls: Best option for security?
- How to accept mobile payments and stay PCI compliant
- Streamlining the compliance review process
- Security vs. compliance: Is 'checkbox security' OK?
- How do I know if I need a GRC product?
- The effects of Visa's PCI compliance policy change
- Monitoring P2P activity by IP address