Regulatory and Compliance

User Rating: 0 / 5

Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

We just got our daily update from JDSupra (still LOVE THEM!) titled "California's Shine the Light Law: Latest Class Action Threat for Online Retailers and Electronic Commerce Companies", under the topic of Retail Industry Alert.  Here's a link to get you started, because it's important business compliance reading, but that's not why I'm sending you all this letter.

User Rating: 0 / 5

Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

EU Data Protection Authorities Approve Google’s Cloud Commitments for International Data Transfers

User Rating: 0 / 5

Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

How old is your facebook picture? (No, don't tell me, I don't care.)  How much of our privacy obsession is related to truth?  For example, the weight on your driver's license was absolutely true, twenty-five years ago.  Is misrepresenting ourselves part of privacy or an American obsession with creating an illusion of identity.

In an honest society, what harm can really come of truth?

History of controls harmonization is really the history of managing conversations about risk. Cyber Risk Recap: What could go wrong?

Making Process Real, a seminar in preparing to meet new regulations for controls as proposed by the Sarbanes-Oxley Law was presented by Robin Basham, in Boston, MA 2003, while participating on the board of the Association for Women in Computing. This marked the first use of "Maturity Through Process", and was the basis for preparing ISO 9000 compliant companies to map to their needed SOX CobiT controls.  The work was implemented through SamePage Software, which would later be branded "Facilitated Compliance Management".  The model would be donated to open source and to this day would remain free.

User Rating: 0 / 5

Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

HIPAA – HITECH, Aligning Secure Host Baselines According to Common Security Framework CSF

User Rating: 0 / 5

Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

Tools approach to automating ISO27002 ISMS Policy aligned continuous monitoring

User Rating: 0 / 5

Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

I like this privacy policy.  

User Rating: 0 / 5

Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

ISO/IEC 27001:2005 - now ISO/IEC 27002:2013

User Rating: 0 / 5

Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

What Are the 13 Requirements for PCI DSS 3.2 2016 Compliance?

Navigating PCI DSS: Understanding the Intent of the Requirements, PCI DSS v3.2 

User Rating: 0 / 5

Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

Security and Privacy Issues and Precautions

There are Six Steps to Achieving PCI Compliance, seven if you add Appendix for Hosted Environments

  1. Build and Maintain a Secure Network
  2. Protect Cardholder Data
  3. Implement Strong Access Control Measures
  4. Regularly Monitor and Test Networks
  5. Maintain a Vulnerability Management Program
  6. Maintain an Information Security Policy

    User Rating: 0 / 5

    Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive
ISACA

The New Auditing Paradigm - IAM and SOX Controls Automation

Workday Rising presentation showed an industry use case where Workday, RemedyForce, ADManager (Zoho), Salesforce and various IT Monitoring tools were used in combination to eliminate more than 90% of evidence gathering activities needed to satisfy a SOX compliance program.

User Rating: 0 / 5

Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

AICPA Service Organization Control Reports - SOC 2

User Rating: 0 / 5

Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive