Security Audit Compliance and Standards
- June 06, 2019
There haven't been many fines under the General Data Protection Regulation since the EU data privacy law went into effect a year ago. But experts warn that will likely change.
- March 13, 2019
Fragile electronic voting systems and the weaponization of social media continue to menace U.S. election systems as presidential candidates ramp up their 2020 campaigns.
- March 09, 2018
A DHS cybersecurity audit for FISMA compliance by the Office of Inspector General rated the agency below target levels in three of five areas of information security.
- December 13, 2017
A team of security researchers discovered many vendors' TLS implementations are vulnerable to the Bleichenbacher oracle attack, which was first discovered 19 years ago.
- June 02, 2017
In this week's Risk & Repeat podcast, SearchSecurity editors discuss GDPR compliance and how the EU law will affect enterprise data privacy and security across the globe.
- December 19, 2016
Gas stations get an extra three years to support new chip card payments, as the EMV liability shift date for automated fuel dispensers is pushed to 2020.
- October 16, 2015
News roundup: FBI issues a public service announcement about EMV chip-and-signature cards. Plus: bumper crop of OS X malware in 2015; phishing sites with authenticated certificates and more.
- April 29, 2015
At an RSA Conference 2015 session, finance information security officer Steve Winterfeld explained why having complementary IT security and compliance strategies requires leadership buy-in and cooperation.
- September 12, 2014
News roundup: City-sponsored situational awareness software use at a music festival illustrates the importance of enterprise surveillance strategy evaluation. Plus: Apache Tomcat upgrade; OpenSSL security policy; and call center security concerns.
- September 05, 2014
News roundup: The recent Goodwill security breach has been blamed on a third-party service provider, highlighting the need for due diligence. Plus: Mobile device theft; Android app vulnerabilities and a 12-year-long cyber-espionage network.
- May 15, 2014
Attorney Francoise Gilbert analyzes the White House big data initiative and the data security and privacy ramifications for enterprises.
- February 17, 2014
Experts differed over whether the NIST cybersecurity framework provides critical infrastructure firms with the tools to defend themselves.
- February 25, 2013
At the CSA Summit 2013, Mark Weatherford said the DHS 'cyber 911' service will better support the private sector, and new voluntary standards are in the works.
- June 21, 2011
All companies, not just financials, must comply with the Dodd-Frank Act; Gartner recommends having a compliance bureau monitor the implications.
- March 04, 2011
Paul Judge of Barracuda Networks and Joshua Corman of the 451 Group discuss whether compliance hinders the creation of innovative security technologies.
- February 24, 2011
A survey of more than 300 IT professionals found that 25% of IT projects begin as part of compliance initiatives.
- January 31, 2011
A study by the Ponemon Institute found that the average total cost of compliance is more than $3.5 million.
- January 12, 2011
A survey of 500 security professionals found that although the compliance initiatives are burdensome, they are improving security at most organizations.
- July 30, 2010
The research firm's new 123-point maturity model is intended to go beyond COBIT as a more comprehensive way to help companies find and fix gaps in their infosec programs.
- October 30, 2008
Ernst & Young's 2008 Global Information Security Survey finds both positive and negative trends in information security depending on how you look at the numbers.
- April 02, 2008
As Executive Editor Dennis Fisher explains, the Hannaford supermarket breach illustrates how too much emphasis on compliance puts critical data at risk.
- September 25, 2007
TJX Cos. should have moved faster to upgrade its Wi-Fi security from WEP encryption to WPA encryption, say Canadian officials.
- July 11, 2007
Karen Worstell, former CISO at Microsoft and AT&T Wireless, recently joined the advisory board of Neupart A/S, a five-year-old European security risk management and awareness firm that just launched a North American office in the Seattle area. The ...
- June 20, 2007
Log management is expected to be a hot topic at the upcoming Burton Group Catalyst Conference. Experts say log data can help organizations comply with numerous guidelines.
- May 17, 2007
Bob Russo, general manager of the PCI Security Standards Council, explains that education is crucial to getting more merchants to comply with the standard.
- January 05, 2006
The Santa Clara, Calif.-based network security provider agrees to a cash penalty to be distributed to harmed investors, per the Sarbanes-Oxley Act.
- December 26, 2005
IT security officers long for a common system to comply with laws that are similar, but often have conflicting demands. Some say a single set of federal guidelines could help, but others fear the implications.
- September 27, 2005
Auditors are homing in on directory services to see if companies have internal controls now mandated by law.
- May 10, 2005
Spending way more than expected to comply with Sarbanes-Oxley? Join the crowd.
- December 28, 2004
A look at some of the newsworthy moments, as told by those in the trenches and headlines.
- December 22, 2004
For all the bellyaching by those responsible for implementation, a survey released today finds that federal regulations have benefited network security.
- October 06, 2004
SOX is mandatory for most public corporations and focuses on regulating corporate behavior to protect financial audit records. Read about the three main areas of SOX that affect IT: Sections 302, 404 and 802.
- October 06, 2004
Sarbanes-Oxley contains many features, but there are two that stand out from an IT security perspective.
- October 06, 2004
As the Nov. 15 deadline nears, companies find there's more to meeting compliance than they thought. Think Y2K, on steroids.