Data privacy issues and compliance

  • January 22, 2009 22 Jan'09

    Retailers boost data collection, but data privacy issues persist

    The struggling economy has many retailers easing return policies to attract nervous shoppers, but as they increase data collection to combat fraudulent returns, one data privacy expert says the tools and processes must be in place to protect ...

  • January 19, 2009 19 Jan'09

    SANS Log Management Survey is looking for the ROI

    Good information security requires...good information. That's why logs are so important and why so many regulatory and industry directives require companies to not only gather but monitor, read and ...

  • December 09, 2008 09 Dec'08

    Data masking hides information from testers

    Start-up DataGuise enters the data masking market fueled by regulatory compliance pressures. One analyst says companies prefer masking over other techniques.

  • September 15, 2008 15 Sep'08

    PCI is about eliminating data, not securing it, former QSA says

    Former QSA turned Forrester analyst John Kindervag calls PCI a "communicable disease." Anything introduced to the network is in PCI scope if credit card systems aren't segmented.

  • September 09, 2008 09 Sep'08

    CIS takes the measure of information security

    The Center for Internet Security has released eight security metrics companies can use to measure their security programs and it plans to expand its list over the next year.

  • September 05, 2008 05 Sep'08

    Security of customer data, IP sustains security budgets

    Protecting customer data, corporate intellectual property and other sensitive internal data, remains a priority in many corporate board rooms, a Forrester Research survey finds.

  • August 26, 2008 26 Aug'08

    Data breach discovery, disclosure outpaces 2007

    More data breaches have been reported so far this year than in all of 2007, according to a report released by a nonprofit group that works to prevent fraud.

  • August 19, 2008 19 Aug'08

    PCI DSS 1.2 clarifies wireless, antivirus use

    Version 1.2 of PCI DSS, due out in October, requires 802.1x for wireless protection and antivirus for all operating systems, according to a summary of the changes issued Tuesday.

  • July 17, 2008 17 Jul'08

    Why are security pros dealing with compliance?

    The dawn of the age of IT compliance has had any number of consequences for IT staffs in general, and security teams specifically. Now, instead of simply worrying about whether the network is ...

  • April 29, 2008 29 Apr'08

    Credit card thieves target small merchants, flawed POS systems, study finds

    PCI assessment firm, Trustwave says the report debunks some popular perceptions but others cite flaws in the study.

  • April 10, 2008 10 Apr'08

    RSA attendees see data classification, rights management projects stumble

    SAN FRANCISCO -- Companies need to embark on data classification projects to gain more control over its movement and minimize data leakage, but it's difficult to find a company successfully carrying out a project. Rena Mears, Deloitte's global and ...

  • April 10, 2008 10 Apr'08

    Next version of PCI DSS due in September

    PCI Security Standards Council GM Bob Russo says tweaks and clarifications are expected in the areas of wireless and application security.

  • April 03, 2008 03 Apr'08

    Your PCI questions answered recently conducted a virtual trade show on PCI DSS. It was a great success. During his live question-and-answer session Security Curve Founding Partner Ed Moyle had an ...

  • April 03, 2008 03 Apr'08

    Hannaford and the industrial compliance complex

    This week's headline may not fit perfectly with the analogy I had in mind yesterday, but I'm running with it anyway because all week I've been thinking of what the lessons are regarding the recent ...

  • April 02, 2008 02 Apr'08

    Hannaford breach illustrates dangerous compliance mentality

    As Executive Editor Dennis Fisher explains, the Hannaford supermarket breach illustrates how too much emphasis on compliance puts critical data at risk.