Security Audit Compliance and Standards

  • September 20, 2007

    Report: Companies still stumped by PCI DSS

    A VeriSign review of PCI Data Security Standard (PCI DSS) assessments it conducted found that more than half were still stumbling on the path to compliance.

  • July 11, 2007

    ISO 27001 could bridge the regulatory divide, expert says

    Karen Worstell, former CISO at Microsoft and AT&T Wireless, recently joined the advisory board of Neupart A/S, a five-year-old European security risk management and awareness firm that just launched a North American office in the Seattle area. The ...

  • June 20, 2007

    Log management push has its roots in compliance

    Log management is expected to be a hot topic at the upcoming Burton Group Catalyst Conference. Experts say log data can help organizations comply with numerous guidelines.

  • May 17, 2007

    PCI DSS: The standards should not be lowered

    Bob Russo, general manager of the PCI Security Standards Council, explains that education is crucial to getting more merchants to comply with the standard.

  • February 05, 2007

    A new awareness for SIMs

    Experts say security information and event management systems can not only give organizations overall visibility into their network security and improve their incident response, but also help meet compliance demands.

  • December 13, 2006

    SEC moves to ease Sarbanes-Oxley burden for some

    The Securities and Exchange Commission is looking to make it easier for smaller companies to meet the requirements of Sarbanes-Oxley without going broke.

  • August 01, 2006

    Compliance demands a technology toolbox

    There's really no one technology answer for regulatory compliance. That's why experts suggest that a variety of tools are needed to meet the requirements of regulations such as Sarbanes-Oxley.

  • May 04, 2006

    Where hard drives go to die, or do they?

    A number of enterprises are using asset disposal firms to ensure sensitive corporate data is destroyed, but the process is hardly foolproof. In fact, a convicted felon could have his hands on your data right now.

  • February 07, 2006

    For CISOs, fitting in was never so hard

    As more organizations move their security officers out of IT, it may become easier for CISOs to succeed, but harder for other security pros to avoid a career dead-end.

  • January 26, 2006

    Passwords still the weakest link

    But more software is beginning to keep insiders from using shared or administrative passwords to access restricted data files, helping to ensure SOX compliance.

  • January 16, 2006

    A CISO's lessons in building a security plan

    The man in charge of information security at a Massachusetts insurance company explains how he built up the company's IT defenses from the top down.

  • January 05, 2006

    McAfee pays $50 million in accounting fraud case

    The Santa Clara, Calif.-based network security provider agrees to a cash penalty to be distributed to harmed investors, per the Sarbanes-Oxley Act.

  • December 26, 2005

    CSOs seek regulatory sanity in 2006

    IT security officers long for a common system to comply with laws that are similar, but often have conflicting demands. Some say a single set of federal guidelines could help, but others fear the implications.

  • November 14, 2005

    The CISO's newest duty: bailiff

    At the CSI 32nd annual Computer Security Conference, CISOs say compliance is becoming more burdensome as they must often ensure executives stay out of trouble.

  • October 20, 2005

    Competing regulations clog road to compliance

    It's difficult for most organizations to cope with today's multitude of compliance regulations, but an expert at Information Security Decisions said security frameworks may be the answer.