-
Survey results highlight the importance of HIPAA compliance training
The Vice President of Policy and Government Relations for the American Health Information Management Association speaks out on the importance of compliance training. Executive Briefing
-
A Business Guide to Information Security: Threats and Compliance
In this excerpt from Chapter 1 of A Business Guide to Information Security, author Alan Calder identifies six future risks to information security and explains how they will affect individuals and organizations. Book Chapter
-
Ensure that legal responsibilities are clear -- Especially when trouble strikes
Excerpt from Chapter 15 of Information Nation Warrior: Information Management Compliance Boot Camp. Book Chapter
-
Passive fingerprinting: Applications and prevention
In this excerpt from the book Silence on the Wire, author Michal Zalewski discusses both malicious and beneficial uses for passive fingerprinting, and how to prevent successful passive fingerprinting on your network. Book Chapter
-
ID theft and national security
Check out what some ITKnowledge Exchange members had to say about this controversial issue. Security Speak-Out
-
Do you speak geek: Respecting the letter of the law
Test your knowledge of security laws and regulations. Quiz
-
Quiz: Compliance
Test your knowledge of legislation and standards. Quiz
- See More: Essential Knowledge on Data Privacy and Protection
-
Why businesses should care about proposed Protect IP, SOPA pirating laws
Legislation is aimed at stopping piracy, but security professionals and industry groups say it could weaken security, hamper innovation and limit competition among small businesses and startups. News | 20 Dec 2011
-
SEC guidelines push companies to disclose potential breaches
The U.S. Securities and Exchange Commission guidelines help companies determine how security breaches should be disclosed to potential investors. News | 17 Oct 2011
-
Data breach notification laws: Timing right for breach notification bill, experts say
The bill would supersede state laws, and experts say it could help enterprises by setting one standard set of rules for breach notification. News | 01 Jun 2011
-
Cost of non-compliance outweighs cost of maintaining compliance, report finds
A study by the Ponemon Institute found that the average total cost of compliance is more than $3.5 million. Article | 31 Jan 2011
-
Computer security awareness training could prevent some data loss, experts say
An audit of a prominent Boston-based health care firm found serious lapses in employee security awareness. Article | 08 Dec 2010
-
How privacy and data security legislation will fare after Nov. 2
The midterm elections will likely result in a shift in political power. How will that impact pending privacy and data security bills? Article | 28 Oct 2010
-
Black Hat: Targeted network security attacks beating forensics efforts
Targeted, persistent attacks are supported by a great deal of automation and new functionality that is having little difficulty bypassing traditional security defenses and forensic investigations, two researchers revealed at the Black Hat Briefings. Article | 28 Jul 2010
-
Updated Cybersecurity Act reshapes federal compliance, education
The proposed law now lacks an Internet kill-switch provision, clarifies certification and expands public-private cooperation on federal cybersecurity compliance. News | 24 Mar 2010
-
MA 201 CMR 17 enforcement less likely with prompt reporting, cooperation
The official charged with enforcing the MA 201 CMR 17 data protection law says early reporting of potential breaches and cooperation will help firms avoid enforcement action. Article | 28 Jan 2010
-
Massachusetts data protection law has mixed impact on financials
Many financial institutions are already meeting the new law's requirements for protecting state residents' personal information, but some have work to do. Article | 13 Aug 2009
- See More: News on Data Privacy and Protection
-
Is private browsing really private? Identifying Web browser risk
Private browsing may offer users a false sense of security when surfing the Web. In this expert tip, learn how private browsing really works, and how to mitigate its risks. Tip
-
How secure managed file transfers help meet compliance requirements
By using a properly configured Managed File Transfer system as your sole means of transmitting data—potentially both within your organization and externally—you can become compliant with requirements much more easily. Tip
-
DATA Act protection: Effects of a federal breach notification law
The federal Data Accountability and Trust (DATA) Act is still awaiting congressional approval, but what sort of effect would such a law have on overall compliance requirements? Expert Richard Mackey weighs in. Tip
-
Database security best practices: Tuning database audit tools
Database auditing requires more than just the right tools: Those tools also have to be properly configured to offer the information that's needed and database performance that's required. Learn more about tuning database audit tools in this tip. Tip
-
Ease credit card risks: POS encryption and data tokenization for PCI
Data tokenization and transaction encryption technologies for PCI DSS, though still mostly new and untested, are already in hot demand. In this tip, John Kindervag of Forrester Research explains what to consider before using tokenization and transact... Tip
-
Interpreting 'risk' in the Massachusetts data protection law
After many changes, it appears that the recent Massachusetts data protection law is here to stay. Contributor David Navetta reviews the important, ambiguous places in the legislation that your legal and compliance teams must zero in on in order to av... Tip
-
Strategies for using technology to enable automated compliance
Enterprise compliance programs depend on a variety of people, data and processes, so it's no surprise that many organizations seek to implement automated compliance with the help of technology. However, such efforts can easily fail without due dilige... Tip
-
How to find virtual machines for greater virtualization compliance
When it comes to compliance and virtualization, security vulnerabilities and privacy concerns are not the only issues of interest to auditors. Managing internal virtual machines can be a major security and compliance hurdle, particularly in environme... Tip
-
By addressing data privacy, companies avoid public scrutiny
Some organizations may believe data privacy laws don't affect them, but those groups may be deluding themselves. Authors Craig Norris and Tom Cadle explain why, and offer a comprehensive overview of the responsibilities that come with handling sensit... Tip
-
Learning the language of global compliance
When a company expands its operations to other countries, what compliance issues confront a security manager? Expert Mike Rothman explains how data security and data privacy can be the same in any language. Tip
- See More: Tips on Data Privacy and Protection
-
Comparing certifications: ISO 27001 vs. SAS 70, SSAE 16
Compliance expert Charles Denyer covers ISO 27001 vs. SAS 70, and why enterprises should pay attention to SSAE 16 over SAS 70. Answer
-
Secure cloud file storage for health care: How to regain control
Should health care organizations endorse the use of secure cloud file storage? Michael Cobb offers advice on establishing governance processes for cloud-based services. Ask the Expert
-
Privacy laws in the workplace: Creating employee privacy policies
Are your employees aware of their workplace privacy rights? More specifically, are they aware of what privacy rights they don't retain? Learn how to create effective employee privacy policies in this expert response. Ask the Expert
-
How to prepare for a FERPA audit
Does your educational institution have to comply with FERPA? David Mortman, security management expert, explains what FERPA requires for school records and what to do when your FERPA audit is right around the corner. Ask the Expert
-
How would you define the responsibilities of a data custodian in a bank?
Data security is incredibly important for financial institutions, and it's the data custodian's job to make sure that data is safe. Security management expert Mike Rothman explains more. Ask the Expert
-
How to prevent audit-logging system from storing passwords?
In this SearchSecurity.com Q&A, security pro Mike Rothman discusses several ways to prevent your audit systems from storing passwords or other personal information. Ask the Expert
-
How can a CSO determine if a company has a data security problem?
In this SearchSecurity.com Q&A, security management expert Mike Rothman examines certain areas that a CSO should focus on, such as internal policy documents and penetration test results, to determine if a corporation has a data security breach proble... Ask the Expert
-
Can keyloggers monitor mouse clicks and keyboard entries?
Keyloggers may be a security manager's best friend, especially if he or she wants to monitor an employee's keyboard entries. Keyloggers can't do it all, though, says application expert Michael Cobb. Ask the Expert
-
Is a privacy seal useful for an ecommerce Web site?
Can a privacy seal protect your ecommerce Web site, or is it just a useful marketing tool? In this expert Q&A, identity management and access control expert Joel Dubin explains how well privacy seals actually protect a site's customer data. Ask the Expert
-
Do privacy regulations protect biometrics information?
Enterprise regulations protect sensitive employee information, but what about biometric data? In this SearchSecurity.com Q&A, identity management and access control expert Joel Dubin explains why your fingerprints, voice prints and other personal aut... Ask the Expert
- See More: Expert Advice on Data Privacy and Protection
-
PCI tokenization: Credit card security policy guidance
Experts Diana Kelley and Ed Moyle discuss the PCI guidelines on tokenization, and how the technology could aid your enterprise. Video
-
RSA 2011 preview: Compliance
In this RSA Conference 2011 preview video, SearchSecurity.com News Director Robert Westervelt moderates a discussion on a wide variety of compliance issues. Speakers include SearchSecurity.com Senior Site Editor Eric Parizo, and Research Director Jos... Video
-
What you need to do for MA 201 CMR 17 compliance
In this video, expert Richard Mackey outlines the steps that every organization must take to comply with Massachusetts 201 CMR 17 data protection law. Video
-
Q&A: Forrester's Chenxi Wang discusses cloud compliance
Forrester's Chenxi Wang discusses cloud compliance and the issues involved with maintaining compliance with PCI, SOX and HIPAA and using cloud-based services. Video
-
How to evolve your compliance program as technologies and mandates change
This video describes how organizations can effectively interpret particular requirements from regulations such as HIPAA and PCI and implications these interpretations have on compliance activities, administration, and auditors. Video
-
Raising the bar on compliance success
By now, most enterprises have established baselines for reporting on foundational IT controls. They've also leveraged control frameworks and resident technologies to assist in logging, auditing and reporting. The next milestone is to "raise the bar" ... Video
-
Data Accountability and Trust Act
Attorney David Navetta discusses the proposed DATA law, including the similarities and differences with existing state data privacy laws. Video
-
Compliance in the cloud
Rena Mears, global and U.S. privacy and data protection leader at Deloitte, discusses how cloud computing is transforming data classification and security. Video
-
PCI compliance requirement 3: Protect data
Ed Moyle and Diana Kelley review Requirement 3 of the Payment Card Industry Data Security Standard: Protect cardholder data. It's not as simple as it sounds. Video
-
Federal efforts to secure cyberinfrastructure
RSA 2009: Former White House senior advisor Paul Kurtz and James Lewis, director of technology policy at the Center for Strategic and International Studies, talk about the state of cybersecurity readiness at the federal level. Video
- See More: Multimedia on Data Privacy and Protection
-
Information security book excerpts and reviews
Visit the Information Security Bookshelf for book reviews and free chapter downloads. Information Security Book
- See More: All on Data Privacy and Protection
About Data Privacy and Protection
Get information and advice on data protection and privacy policy, laws and issues. Learn best practices on data theft prevention and how to avoid a data privacy incident.