Tech Center Compliance
Dark Reading's Compliance Tech Center is your portal to all the news, guidelines, product information, technical recommendations, and other information related to the topic of security and industry/regulatory compliance. Written for those who manage compliance programs as well as security and IT professionals, the Compliance Tech Center is a single community dedicated to the discussion of security issues as they relate to compliance with common regulations, including PCI DSS, HIPAA, SOX, FFIEC, GLBA, NERC, FISMA, and other industry/regulatory standards.
Featured Commentary
-
Glenn S. Phillips
News
-
New Congressional Report Illuminates Attackers' Focus On Electric Grid
Regular attack attempts on electricity providers, malware infections threatening the power grid
-
Mapping Compliance Proof To Risk-Based Controls
Risk-based security decisions usually yield more secure environments, but some harmonization with regulations needs to be done to prove compliance
-
Learning From Auditor War Stories
Stories of IT missteps and unforeseen disasters while auditors are on-site can point to important lessons for preparing for compliance and security
-
Can We Cease Check-Box Compliance?
Some indicators show a transition to risk-based management driving security decisions, but compliance checklists still pay the infosec bills
-
10 Key Compliance Pitfalls -- And How To Avoid Them
A look at the most common mistakes in compliance initiatives, and what you can learn
More Stories
- Internal Audit Teams Target IT Security In 2013
- Genesco Lawsuit Could Shake PCI Compliance Regime To Its Core
- Assessing Risk In Your Enterprise Compliance Initiative
- Genesco Sues Visa Over $13 Million In PCI Noncompliance Penalties
- PCI Council Offers Clarity On Cloud, Mobile Issues
By The Numbers
How Enterprises Allocate Compliance Resources
Among the myriad of compliance initiatives enterprise IT must engage in, HIPAA, SOX and PCI-DSS garner the lion share of compliance resources.
Source: InformationWeek 2012 Regulatory Compliance Survey
Commentary
-
Panic Now
There is a big difference between panic and anxiety
-
Your Data Is Gone, Have A Nice Day
Complete data loss and theft remain all too common
-
Mission Impossible: 4 Reasons Compliance Is Impossible
Compliance, like security, is not a constant
-
The Great Lie Of Compliance
If you believe you are fully compliant, then you are not
-
5 Overlooked Cloud-Based Compliance Dangers
Fully understanding risks helps avoid expensive surprises later
Around the Web
Dark Reading Reports
-
10 Key Compliance Pitfalls - and How to Avoid Them
Regulatory compliance is a concern among many - if not most - organizations these days. Getting and staying compliant according to industry and government mandates is complicated. The regulations themselves are complex, they often conflict with other business and technology concerns, and they require a level of staffing and expertise that organizations often lack internally. If you're having trouble when it comes to compliance, you're not alone. Indeed, organizations often share the same compliance pain points. In this Dark Reading report, we list the most common issues that organizations run up against and provide recommendations for overcoming or even avoiding them.
-
Assessing Risk In Your Enterprise Compliance Initiative
Risk is a factor in any enterprise, and managing that risk is always a challenge. In regulated industries, however, the challenge is heightened by goals that sometimes overlap but more often do not. In this Dark Reading report, we examine the general considerations organizations must make when putting risk into a compliance context, as well as recommend specific strategies for leveraging organizational risk management work to achieve compliance goals.
-
Achieving Compliance In The Smart Grid
In most industries, compliance mandates can feel like more of an annoyance than a necessity. In the energy business, strict compliance mandates could be all that stands between business as usual and a catastrophic, long-term power outage. Standards regulating the smart grid, are rightly stringent and often difficult to meet, but they can be modified and leveraged by organizations in all industries to lock down corporate and customer assets.
Other reports from the Compliance Tech Center:
Whitepapers
Upcoming Events
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.