-
Inside the Data Accountability and Trust Act and what it means for security
This month’s issue of Information Security magazine takes you deep inside the Data Accountability And Trust Act (DATA), pending legislation that could reshape the national privacy landscape and impact the way enterprises and midmarket companies archi... E-Zine
-
How automated compliance solutions can help you plan for your next audit
This month's cover story is on Automatic Compliance. The weight of regulatory compliance can break the back of your IT operation. Automation can help you gear up for your next audit. We'll also cover new technologies for identity and access managemen... E-Zine
-
Reflections on the impact of Sarbanes-Oxley
Love them or hate them, Michael Oxley and Paul Sarbanes changed the information security landscape. Read reflections on the legislation's impact, the role of the Web and how CISOs have emerged and matured. E-Zine
-
Compliance vs. security: Prevent an either-or mentality
Do you have to choose between compliance and security? This issue explains strategies to prevent an either/or mentality. Also, read features on sorting out enterprise UTM and reviews of six device control tools. E-Zine
-
Tips for navigating the maze of global security regulations
In this month's issue of Information Security magazine, learn how to navigate the maze of inconsistent global regulations. Read a product review of PatchLink's PatchLink Update 6.3. Learn how to achieve compliance with HIPAA certification and learn t... E-Zine
-
Captive to SOX compliance? A compliance guide for managers
In this month's issue of Information Security magazine, SureWest's Tim Dotson meets SOX compliance with tightened password controls. We review NFR Security's Sentivist 5.0, Centennial Software's DeviceWall 3.1, and more. In the editor's letter, read ... E-Zine
-
Information security book excerpts and reviews
Visit the Information Security Bookshelf for book reviews and free chapter downloads. Information Security Book
-
Risk-based audit methodology: How to achieve enterprise security
Discover how using a risk-based audit methodology can achieve better enterprise security. Learn how to develop an internal IT audit program, implement risk mitigation methods and develop controls and ensure they are effective. Learning Guide
-
Mass 201 CMR 17: Basics for security practitioners
Massachusetts data protection law 201 CMR 17 went into effect on March 1, 2010. Get an in-depth look at the requirements of this law, and find out what needs to be done to become compliant with the law. Learning Guide
-
Quiz: Compliance-driven role management
Use this five-question quiz to test your knowledge of role and entitlement management. Quiz
-
Quiz: Virtualization and compliance
How much have you gleaned from this Virtualization and compliance Security School lesson? Test your knowledge of cloud compliance best practices and the future of virtualization compliance. Quiz
-
More from SearchSecurity.com --- February 2007
Highlights from the February 2007 issue of Information Security magazine Information Security maga
-
Quiz: Compliance improvement -- Get better as you go forward
A five-question multiple-choice quiz to test your understanding of the content presented by expert Richard Mackey in this lesson of SearchSecurity.com's Compliance School. Compliance School
-
Achieving Compliance: A Real-World Roadmap
This session track from Information Security Decisions 2006 explains how to build an effective compliance program, defines metrics and ways to ensure business continuity. Session Downloads
-
Building network security: Evolution and vendor consolidation
Through both vendor consolidation and evolution, security capabilities are increasingly being woven into the network fabric. In this lesson, Mike Rothman, president and principal analyst of Security Incite, will help attendees understand the network/... Identity and Access Manag
-
Answers: Compliance All-in-One Guide quiz
SearchSecurity Retention
- See more Essential Knowledge on Data Privacy and Protection
-
For CISOs, California Right to Know Act would raise privacy emphasis
The proposed California Right to Know Act may compel CISOs to develop additional privacy policies or create new privacy officer roles. News | 09 Apr 2013
-
Lacking privacy laws aid growing CISO role in data privacy management
More CISOs may be taking on data privacy management. Fortunately, old, outdated privacy laws may lend them a helping hand. News | 29 Jan 2013
-
U.S. cybersecurity efforts down but not out after Senate vote
The Senate again has voted down U.S. cybersecurity legislation, but the need to protect critical infrastructure networks can no longer be ignored. News | 19 Nov 2012
-
Data privacy issues present new data governance challenges
Data privacy issues are new territory for infosec pros, who face managing new data analysis methods vs. customers' concern with unintended data usage. News | 17 Sep 2012
-
Cloud study debunks Patriot Act assumptions
Law firm study of 10 countries finds that all allow government to access cloud data News | 30 May 2012
-
A bold view on prioritizing computer security laws
The number of computer security laws in the U.S. can be daunting. One bold lawyer suggests a way to prioritize the laws and avoid most legal battles. News | 24 May 2012
-
Changes to European privacy laws foreshadow serious business impact
Changes to the data protection regulations are on the way for the European Union, and the fallout in Europe serves as a good case study for U.S. businesses. News | 08 Mar 2012
-
Can SMBs sue their bank and recover losses from a hacked bank account?
RSA Conference 2012 panelists discussed court rulings on liability for hacked bank accounts, and gave advice to security pros for protecting financial assets. News | 01 Mar 2012
-
Why businesses should care about proposed Protect IP, SOPA pirating laws
Legislation is aimed at stopping piracy, but security professionals and industry groups say it could weaken security, hamper innovation and limit competition among small businesses and startups. News | 20 Dec 2011
-
SEC guidelines push companies to disclose potential breaches
The U.S. Securities and Exchange Commission guidelines help companies determine how security breaches should be disclosed to potential investors. News | 17 Oct 2011
- See more News on Data Privacy and Protection
-
Ten years later: The legacy of SB 1386 compliance on data privacy laws
A decade after becoming law, the ripple effects of California's SB 1386 have surfaced in a new breed of proactive, granular state data privacy laws. Column
-
Updated COPPA regulations add to child Internet protection guidelines
After 15 years, the FTC announced updated COPPA regulations effective July 2013. Learn how to deal with this updated child Internet privacy mandate. Tip
-
Stored Communications Act ruling muddles business online data privacy
A state supreme court decision addressing webmail hacking under the Stored Communications Act affects email privacy and the ability to sue hackers. Tip
-
How regulation should -- and shouldn't -- influence cybersecurity policy
Recent breaches display the importance of cybersecurity policy, and regulations provide a decent data protection roadmap. But compliance does not automatically equal security. Tip
-
Should the new Google privacy policy concern enterprises?
Google’s tentacles reach deep into most enterprises, but should enterprises worry about the new Google privacy policy? Expert Michael Cobb discusses. Tip
-
For U.S. companies, EU cookie compliance calls for website changes
With recent changes to European data privacy laws, U.S. enterprises must make website changes to meet EU cookie compliance deadlines. Tip
-
Is private browsing really private? Identifying Web browser risk
Private browsing may offer users a false sense of security when surfing the Web. In this expert tip, learn how private browsing really works, and how to mitigate its risks. Tip
-
How secure managed file transfers help meet compliance requirements
By using a properly configured Managed File Transfer system as your sole means of transmitting data—potentially both within your organization and externally—you can become compliant with requirements much more easily. Tip
-
DATA Act protection: Effects of a federal breach notification law
The federal Data Accountability and Trust (DATA) Act is still awaiting congressional approval, but what sort of effect would such a law have on overall compliance requirements? Expert Richard Mackey weighs in. Tip
-
Database security best practices: Tuning database audit tools
Database auditing requires more than just the right tools: Those tools also have to be properly configured to offer the information that's needed and database performance that's required. Learn more about tuning database audit tools in this tip. Tip
-
Ease credit card risks: POS encryption and data tokenization for PCI
Data tokenization and transaction encryption technologies for PCI DSS, though still mostly new and untested, are already in hot demand. In this tip, John Kindervag of Forrester Research explains what to consider before using tokenization and transact... Tip
- See more Tips on Data Privacy and Protection
-
HIPAA compliance training: How to prevent lost or stolen devices
Mike Chapple explains how enterprises can help lessen the impact of lost or stolen devices as part of HIPAA compliance training. Answer
-
Weighing compliance mandates vs. security vulnerability management
Should security vulnerabilities be prioritized based on compliance needs? Mike Chapple discusses this approach to vulnerability management. Answer
-
Unencrypted credit card data storage: Why 70% of merchants do it
Mike Chapple offers four possible reasons why some merchants still store unencrypted credit card data after years of PCI DSS compliance requirements. Answer
-
Microsoft services agreement changes: What other enterprises can learn
Should enterprises be concerned about Microsoft services agreement changes after the Google privacy policy fiasco? Expert Michael Cobb discusses. Answer
-
HITRUST C-TAS: Is it the new compliance mandate?
Mike Chapple discusses the new HITRUST C-TAS information-sharing consortium and clarifies whether it relates to the HIPAA compliance mandate. Answer
-
Regulatory compliance requirements of a cryptographic system
Mike Chapple discusses what to look for in a cryptographic system from a legal and regulatory compliance standpoint. Answer
-
EU cookie regulations: Advice for firms in the US and other countries
Expert Alan Calder responds to a reader’s question: Must companies outside the EU change their websites to comply with EU cookie regulations? Answer
-
Comparing certifications: ISO 27001 vs. SAS 70, SSAE 16
Compliance expert Charles Denyer covers ISO 27001 vs. SAS 70, and why enterprises should pay attention to SSAE 16 over SAS 70. Answer
-
Secure cloud file storage for health care: How to regain control
Should health care organizations endorse the use of secure cloud file storage? Michael Cobb offers advice on establishing governance processes for cloud-based services. Ask the Expert
-
Privacy laws in the workplace: Creating employee privacy policies
Are your employees aware of their workplace privacy rights? More specifically, are they aware of what privacy rights they don't retain? Learn how to create effective employee privacy policies in this expert response. Ask the Expert
- See more Expert Advice on Data Privacy and Protection
-
Cyber Intelligence Sharing and Protection Act of 2011 (CISPA)
The Cyber Intelligence Sharing and Protection Act (CISPA) of 2011 is a proposed United States federal law that would allow for the sharing of Web data between the government and technology companies. Definition
-
cypherpunk
Cypherpunk, a term that appeared in Eric Hughes' "A Cypherpunk's Manifesto" in 1993, combines the ideas of cyberpunk, the spirit of individualism in cyberspace, with the use of strong encryption (ciphertext is encrypted text) to preserve privacy. Definition
-
Data Encryption Standard (DES)
Data Encryption Standard (DES) is a widely-used method of data encryption using a private (secret) key that was judged so difficult to break by the U.S. government that it was restricted for exportation to other countries. Definition
-
P3P (Platform for Privacy Preferences)
P3P (Platform for Privacy Preferences) is a protocol that specifies a way to determine if a Web site's security policies meet a user's privacy requirements. Definition
-
Bruce Schneier explains why there is no privacy on the Internet
Video: Bruce Schneier provides three examples to prove there is no privacy on the Internet. Is government regulation needed? Video
-
Bruce Schneier on data privacy and Google's feudal model of security
Video: Bruce Schneier explains why Google, Apple and others have adopted a feudal model of security, and the resulting data privacy concerns. Video
-
PCI tokenization: Credit card security policy guidance
Experts Diana Kelley and Ed Moyle discuss the PCI guidelines on tokenization, and how the technology could aid your enterprise. Video
-
RSA 2011 preview: Compliance
In this RSA Conference 2011 preview video, SearchSecurity.com News Director Robert Westervelt moderates a discussion on a wide variety of compliance issues. Speakers include SearchSecurity.com Senior Site Editor Eric Parizo, and Research Director Jos... Video
-
What you need to do for MA 201 CMR 17 compliance
In this video, expert Richard Mackey outlines the steps that every organization must take to comply with Massachusetts 201 CMR 17 data protection law. Video
-
Q&A: Forrester's Chenxi Wang discusses cloud compliance
Forrester's Chenxi Wang discusses cloud compliance and the issues involved with maintaining compliance with PCI, SOX and HIPAA and using cloud-based services. Video
-
How to evolve your compliance program as technologies and mandates change
This video describes how organizations can effectively interpret particular requirements from regulations such as HIPAA and PCI and implications these interpretations have on compliance activities, administration, and auditors. Video
-
Raising the bar on compliance success
By now, most enterprises have established baselines for reporting on foundational IT controls. They've also leveraged control frameworks and resident technologies to assist in logging, auditing and reporting. The next milestone is to "raise the bar" ... Video
-
Data Accountability and Trust Act
Attorney David Navetta discusses the proposed DATA law, including the similarities and differences with existing state data privacy laws. Video
-
Compliance in the cloud
Rena Mears, global and U.S. privacy and data protection leader at Deloitte, discusses how cloud computing is transforming data classification and security. Video
- See more Multimedia on Data Privacy and Protection
About Data Privacy and Protection
Get information and advice on data protection and privacy policy, laws and issues. Learn best practices on data theft prevention and how to avoid a data privacy incident.