Security Compliance School:
Compliance School
In SearchSecurity.com's Compliance School, experts offer training on how to meet regulations like SOX, PCI DSS and other compliance challenges, arming you with the tools and best practices to ensure that your corporate information security team masters compliance.
-
How to pass a PCI assessment
This lesson explains the importance of engaging internal stakeholders in the PCI assessment process, understanding the nuances of each requirement, and crafting comprehensive policies that ensure PCI compliance is a continuous process, and annual audits a less stressful event.
About the author:
Dr. Anton Chuvakin, principal of Security Warrior Consulting, is a recognized log management and PCI DSS compliance expert.
-
Compliance metrics: Building a compliance scorecard
Measuring compliance isn't easy, but neither is it impossible. In this lesson, expert Eric Holmquist explains how you can build an effective compliance scorecard for your enterprise.
About the author:
Eric Holmquist is president of Holmquist Advisory.
Learn more: Compliance metrics: Building a compliance scorecard
-
Compliance-driven role management
State privacy laws, along with regulations like HIPAA and PCI DSS, have forced many organizations to create stronger controls and accountability regarding who can handle sensitive information. Learn how integrating role and entitlement management technology into the enterprise will help you deal with IAM challenges.
About the author:
Richard Mackey is vice president of consultancy SystemExperts.
-
Automated compliance in the enterprise
Almost all regulations, from HIPAA to the PCI DSS, require documentation, audited requests and logging of a company's operational and data protection activities. Learn how automation can help you take on today's many compliance objectives.
About the experts:
Eric Holmquist is v.p. at Advanta Bank Corp.
-
Virtualization: Balancing emerging technology with existing demands
As budgets tighten and IT spending faces increased scrutiny, the value proposition of virtualization has gone way up—power savings, hardware reduction, flexibility and more. But with the benefits comes the concern of securing a virtualized environment, and making sure it's compliant.
About the expert:
David Mortman is CSO-in-Residence for Echelon One.
Learn more: Virtualization: Balancing emerging technology with existing demands
-
How to meet HIPAA compliance requirements
For years, healthcare organizations did not have to worry about the Health Insurance Portability and Accountability Act. That's beginning to change now, though, as HIPAA officials dish out tougher audits and penalties. Expert Richard Mackey explains how to meet the HIPAA compliance guidelines.
About the expert:
Richard Mackey is vice president of consultancy SystemExperts.
-
Building a risk-based compliance program
Compliance is no longer just an issue for the executive, legal and accounting teams to deal with. It is now a daily concern for IT staffs, and more specifically, for the security staffs who must ensure that the servers, endpoints and mobile devices meet the standards set by dozens of regulations. As compliance has become more of an IT issue, the idea of basing a compliance program on a risk management approach has begun to gain a lot of momentum. A recent survey of business executives and IT professionals by Polivec Inc. showed that 73% of respondents believe risk analysis is an important basis for a compliance effort.
-
PCI DSS compliance: Two years later
In this lesson, learn why companies are still struggling with the Payment Card Industry Data Security Standard (PCI DSS), and how to effectively protect cardholder data.
About the author:
Diana Kelley is vice president with research firm Burton Group.
-
Ensuring compliance across the extended enterprise
Businesses rely on partners and service providers, but are they protecting against corporate data breaches? In this lesson, learn how service level agreements (SLAs) and other partner best practices can keep data safe.
Learn more: Ensuring compliance across the extended enterprise
-
Must-have compliance technologies
Regulatory and contractual compliance are key considerations for all enterprises. And there's no shortage of vendors claiming to have the silver bullet for solving compliance woes. This lesson will explore which technologies really work.
-
Compliance improvement: Get better as you go forward
In this lesson, take your compliance business processes to the next level with guidance on technology adoption and use, corporate governance best practices and guidance on granular IT policy and procedures.
Learn more: Compliance improvement: Get better as you go forward
-
SOX compliance
-
Normalize information security and compliance data management

Information security managers are not only technologists and compliance specialists, but more and more, they’re also becoming data managers. Security tools generate volumes of log data on security events that need to be addressed, and those decisions have to be prioritized based on business demands and compliance mandates. Facing these new challenges, many security and compliance managers are unclear where to begin and how to define success.
In this SearchSecurity.com Compliance School lesson, compliance expert Mike Chapple addresses how to overcome issues security managers face regarding data overload. He provides best practices for normalizing information security and compliance data management to make better business decisions in the areas of PCI DSS compliance, enterprise data mining and overall enterprise compliance program management. Additionally, Mike explains how to regulate that data and ensure that data meets IT compliance requirements for federal and industry regulations, as well as an organization’s own guidelines.
About the Expert: Mike Chapple, Ph.D., CISA, CISSP, is an IT security manager with the University of Notre Dame.
Learn more: Normalize information security and compliance data management