
Dark Reading's Compliance Tech Center is your portal to all the news, guidelines, product information, technical recommendations, and other information related to the topic of security and industry/regulatory compliance. Written for those who manage compliance programs as well as security and IT professionals, the Compliance Tech Center is a single community dedicated to the discussion of security issues as they relate to compliance with common regulations, including PCI DSS, HIPAA, SOX, FFIEC, GLBA, NERC, FISMA, and other industry/regulatory standards.

Breaking News

Stolen Laptop Exposes Boston Hospital Patient Data
An email attachment containing patient data was unencrypted and accessible

Poorly Managed Firewall Rule Sets Will Flag An Audit
Auditors and compliance managers alike are depending on firewall management principles and tools to cut through the complexity

Obama Cybersecurity Czar Schmidt Steps Down
Howard A. Schmidt, the first-ever U.S. cybersecurity coordinator, has resigned and will retire later this month to enter academia


By The Numbers

Deciding Compliance Policy

The IT and line-of-business decision makers who set compliance at enterprises tend to vary by organization.

Blog

Don’t Be The Nerdiest Person In The Room

May 24, 2012

Technical language has its place, but overuse hampers compliance


Around The Web

INFORMATIONWEEK
IT's Consumerization Compliance Conundrum
As more and more employees show up at the office carrying high-powered mobile devices, things become ridiculously complicated for IT professionals who are appropriately focused on the security of their network. But along with those worries, it's critical to think about compliance with the same standards expected of traditional endpoints. The task is unenviable, given the expectations of employees

MODERNHEALTHCARE
FTC Emphasizes Do-Not-Track In New Privacy Report
The FTC has released a report strongly suggesting that health-care organizations provide Do Not Track functionality for patients' browsers. The hope is that the provision will be widely adopted without relying on legislation or regulation

GOVINFOSECURITY
Texas Targets ACH Fraud
The Texas Department of Banking has teamed up with the US Secret Service to form the Texas Bankers Electronic Crimes Task Force. The task force has issued an additional slate of guidelines and plans to focus on more-vulnerable small banks

MODERNHEALTHCARE
Rule To Align Privacy Regulations On Its Way
Things are about to get tougher for already-struggling health-care providers. The upcoming omnibus rule will tie HIPAA regulations in with the tougher American Recovery and Reinvestment Act. The biggest change will be the way in which health-care providers must deal with outside IT providers. From now on, these so-called business associates will be fully liable under HIPAA standards

STOREFRONTBACKTALK
Have Someone Else's Store Within Your Store? Well, You Used To Be PCI Compliant
PCI regulations are thorny enough, but when you have a store within your store -- say a Taco Bell inside a truck stop -- things get almost impossibly labyrinthine. Just allowing the inner business to use the main business's LAN can classify it as a PCI service provider and subject to all associated regulations

BANK SYSTEMS & TECHNOLOGY
PCI Compliance: The Risks Banks Can Miss
Surveys show that the rate of bank compliance with Payment Card Industry standards is discouraging at best. In many cases, this failure stems from the fact that institutions just don't understand what they're supposed to be complying with

BANKINFOSECURITY
Inside Microsoft's Zeus Malware Raid
Microsoft has coupled with the financial industry to launch a targeted raid on botnets, called B71. This rare collaboration seeks out hackers and hacking organizations under the rubric of the well-publicized RICO Act

BIO IT WORLD
Jiff Launches First HIPAA-Compliant Health Care Social Network
Health-care professionals are banned from sharing patient stories on Facebook, but Jiff plans to provide an alternative in Circle of Health. The secure channel is intended to be used as a method of communication between doctor and patient to check on progress in between visits


Compliance Reports

How To Boost Security Via FFIEC Compliance
With just a smartphone, users can conduct nearly all their banking business at any time of the day or night. However, all this flexibility and convenience opens up new avenues for fraud and cybercrime. Guidelines laid out by the FFIEC several years ago predate many of the capabilities -- and vulnerabilities -- that are in place today. In this report, we examine the latest guidelines and provide advice on how you can extend the work done to comply with FFIEC guidelines to strengthen your organization's overall security posture and keep customers and their data safe.

Keeping Compliance In Check
Configuration mistakes, access control gaffes, poor documentation -- it doesn't take much for a compliance audit to go all wrong. In this special retrospective of recent news coverage, Dark Reading takes a look at the costs, common missteps and best practices for compliance, as well as the day the Internet nearly went dark due to the threat of new regulations.

FISMA Lifts All Compliance Boats
FISMA may not be on your radar now, but it likely will be at some point. Geared specifically toward the federal government and its affiliate agencies and third parties, FISMA is a very specific set of requirements aimed at establishing and maintaining at least a baseline level of computer and network security. FISMA requires unique categorization and classification of information assets, not to mention a boatload of documentation to prove compliance. But once your organization achieves FISMA compliance, it will likely be compliant with just about every security mandate out there.

Related Content

Log Management in 2012 and Beyond
2012 brings interesting changes to the log management world. Now, more than ever, it is critical to understand the impact to your log infrastructure and the solutions that will better prepare you to manage your security posture.

SANS Log Management Survey Report
Organizations are increasingly dependent on log management to support core business functions, including cost management, service level and line-of-business application monitoring, as well as traditional IT- and security-focused activities.

Cut the Time and Effort of Troubleshooting and Reporting
Organizations generate millions of logs a day and struggle with centralized collection, storage and analysis of those logs. ArcSight Logger is a universal log management solution that unifies searching, reporting, alerting and analysis across any type of IT data. It consolidates silos of logs into a single indexed repository for fast detection and mitigation of operational issues.

Get Turnkey and Automated PCI Compliance
PCI compliance monitoring is seamless with the self-contained ArcSight PCI Logger solution for log collection, storage and analysis. No database administration expertise is required and a web-based interface simplifies deployment and ongoing management.

Swiss Bank Meets Compliance Requirements and Protects Customer Data
Due to long-term data retention requirements, Swiss bank EFG needed a cost-effective way to collect, secure and store audit-quality log data in an easily accessible log repository. ArcSight Logger helps EFG meet key requirements of Switzerland's banking laws fast and cost-effectively.



