Compliance alone should never be the only goal

In tough times, compliance efforts may seem optional

To remain compliant, your approach must grow in scale with your business

Compliance is about being better and not just proving you are right

As soon as you train your colleagues about compliance, noncompliance is back in charge

Compliant systems do more than prevent problems -- they help solve problems that happen

Information security is at the mercy of your entire staff's habits

Too many in business assume compliance is primarily a technology issue

Compliance in many organizations is seen as only a costly inconvenience

It may be boring or scary to management, but compliance is ultimately their burden to bear

The best insurance for your organization is often the processes required for compliance

Many businesses fool themselves about their compliance problems

Compliance is not a tool for dodging work or dismissing business needs

Small and midsize businesses often let the cost of compliance obscure important benefits

Organizations need to know what constitutes a breach of identity data according to state laws and how to respond

State and Federal laws require notification when a breach of protected information occurs. You need to know which laws apply and how to comply

Regulations require organizations to periodically assess security and compliance practices; the key is to understand how to do so effectively -- without breaking the bank

Partner management is a key element to any compliance program. Assessing a partner’s ability to meet your compliance requirements is critical to managing these relationships. The first step is to determine the partner’s understanding of its responsibility and ensuring that it is capable of meeting it.

Understanding the risk associated with a partner relationship and managing it accordingly is key

The FFIEC recommends that organizations provide additional business and fraud detection controls to offset weaknesses in authentication technology.

The FFIEC has issued guidance on authentication in financial transactions. The guidance recommends risk based selection of authentication mechanisms and layered security. It also warns organizations about increased threats and weaknesses in certain accepted authentication mechanisms.

Risk assessments are are critical part of regulatory compliance, but many organizations don’t implement them well. Risk assessments, as part of a risk management program, help ensure that the right controls are in place to secure data and comply with regulations.

The PCI Security Council’s revocation of a QSA’s status spells trouble for unscrupulous QSAs and shows that the Council means business in enforcing its quality standards.

New Dark Reading Compliance Tech Center will cover relationship between security initiatives and compliance initiatives