-
Information security book excerpts and reviews
Visit the Information Security Bookshelf for book reviews and free chapter downloads. Information Security Book
-
Risk-based audit methodology: How to achieve enterprise security
Discover how using a risk-based audit methodology can achieve better enterprise security. Learn how to develop an internal IT audit program, implement risk mitigation methods and develop controls and ensure they are effective. Learning Guide
-
Mass 201 CMR 17: Basics for security practitioners
Massachusetts data protection law 201 CMR 17 went into effect on March 1, 2010. Get an in-depth look at the requirements of this law, and find out what needs to be done to become compliant with the law. Learning Guide
-
Quiz: Compliance-driven role management
Use this five-question quiz to test your knowledge of role and entitlement management. Quiz
-
Quiz: Virtualization and compliance
How much have you gleaned from this Virtualization and compliance Security School lesson? Test your knowledge of cloud compliance best practices and the future of virtualization compliance. Quiz
-
More from SearchSecurity.com --- February 2007
Highlights from the February 2007 issue of Information Security magazine Information Security maga
-
Quiz: Compliance improvement -- Get better as you go forward
A five-question multiple-choice quiz to test your understanding of the content presented by expert Richard Mackey in this lesson of SearchSecurity.com's Compliance School. Compliance School
-
Achieving Compliance: A Real-World Roadmap
This session track from Information Security Decisions 2006 explains how to build an effective compliance program, defines metrics and ways to ensure business continuity. Session Downloads
-
Building network security: Evolution and vendor consolidation
Through both vendor consolidation and evolution, security capabilities are increasingly being woven into the network fabric. In this lesson, Mike Rothman, president and principal analyst of Security Incite, will help attendees understand the network/... Identity and Access Manag
-
Answers: Compliance All-in-One Guide quiz
- See More: Essential Knowledge on Data Privacy and Protection
-
Data privacy issues present new data governance challenges
Data privacy issues are new territory for infosec pros, who face managing new data analysis methods vs. customers' concern with unintended data usage. News | 17 Sep 2012
-
Cloud study debunks Patriot Act assumptions
A law firm study of 10 countries finds that all allow government access to cloud data. News | 30 May 2012
-
A bold view on prioritizing computer security laws
The number of computer security laws in the U.S. can be daunting. One bold lawyer suggests a way to prioritize the laws and avoid most legal battles. News | 24 May 2012
-
Changes to European privacy laws foreshadow serious business impact
Changes to the data protection regulations are on the way for the European Union, and the fallout in Europe serves as a good case study for U.S. businesses. News | 08 Mar 2012
-
Can SMBs sue their bank and recover losses from a hacked bank account?
RSA Conference 2012 panelists discussed court rulings on liability for hacked bank accounts, and gave advice to security pros for protecting financial assets. News | 01 Mar 2012
-
Why businesses should care about proposed Protect IP, SOPA pirating laws
Legislation is aimed at stopping piracy, but security professionals and industry groups say it could weaken security, hamper innovation and limit competition among small businesses and startups. News | 20 Dec 2011
-
SEC guidelines push companies to disclose potential breaches
The U.S. Securities and Exchange Commission guidelines help companies determine how security breaches should be disclosed to potential investors. News | 17 Oct 2011
-
Data breach notification laws: Timing right for breach notification bill, experts say
The bill would supersede state laws and experts say they could help enterprises by setting one standard set of rules for breach notification. News | 01 Jun 2011
-
Cost of non-compliance outweighs cost of maintaining compliance, report finds
A study by the Ponemon Institute found that the average total cost of compliance is more than $3.5 million. Article | 31 Jan 2011
-
Computer security awareness training could prevent some data loss, experts say
An audit of a prominent Boston-based health care firm found serious lapses in employee security awareness. Article | 08 Dec 2010
- See More: News on Data Privacy and Protection
-
How regulation should -- and shouldn't -- influence cybersecurity policy
Recent breaches display the importance of cybersecurity policy, and regulations provide a decent data protection roadmap. But compliance does not automatically equal security. Tip
-
Should the new Google privacy policy concern enterprises?
Google’s tentacles reach deep into most enterprises, but should enterprises worry about the new Google privacy policy? Expert Michael Cobb discusses. Tip
-
For U.S. companies, EU cookie compliance calls for website changes
With recent changes to European data privacy laws, U.S. enterprises must make website changes to meet EU cookie compliance deadlines. Tip
-
Is private browsing really private? Identifying Web browser risk
Private browsing may offer users a false sense of security when surfing the Web. In this expert tip, learn how private browsing really works, and how to mitigate its risks. Tip
-
How secure managed file transfers help meet compliance requirements
By using a properly configured Managed File Transfer system as your sole means of transmitting data—potentially both within your organization and externally—you can become compliant with requirements much more easily. Tip
-
DATA Act protection: Effects of a federal breach notification law
The federal Data Accountability and Trust (DATA) Act is still awaiting congressional approval, but what sort of effect would such a law have on overall compliance requirements? Expert Richard Mackey weighs in. Tip
-
Database security best practices: Tuning database audit tools
Database auditing requires more than just the right tools: Those tools also have to be properly configured to offer the information that's needed and database performance that's required. Learn more about tuning database audit tools in this tip. Tip
-
Ease credit card risks: POS encryption and data tokenization for PCI
Data tokenization and transaction encryption technologies for PCI DSS, though still mostly new and untested, are already in hot demand. In this tip, John Kindervag of Forrester Research explains what to consider before using tokenization and transact... Tip
-
Interpreting 'risk' in the Massachusetts data protection law
After many changes, it appears that the recent Massachusetts data protection law is here to stay. Contributor David Navetta reviews the important, ambiguous places in the legislation that your legal and compliance teams must zero in on in order to av... Tip
-
Strategies for using technology to enable automated compliance
Enterprise compliance programs depend on a variety of people, data and processes, so it's no surprise that many organizations seek to implement automated compliance with the help of technology. However, such efforts can easily fail without due dilige... Tip
- See More: Tips on Data Privacy and Protection
-
Regulatory compliance requirements of a cryptographic system
Mike Chapple discusses what to look for in a cryptographic system from a legal and regulatory compliance standpoint. Answer
-
EU cookie regulations: Advice for firms in the US and other countries
Expert Alan Calder responds to a reader’s question: Must companies outside the EU change their websites to comply with EU cookie regulations? Answer
-
Comparing certifications: ISO 27001 vs. SAS 70, SSAE 16
Compliance expert Charles Denyer covers ISO 27001 vs. SAS 70, and why enterprises should pay attention to SSAE 16 over SAS 70. Answer
-
Secure cloud file storage for health care: How to regain control
Should health care organizations endorse the use of secure cloud file storage? Michael Cobb offers advice on establishing governance processes for cloud-based services. Ask the Expert
-
Privacy laws in the workplace: Creating employee privacy policies
Are your employees aware of their workplace privacy rights? More specifically, are they aware of what privacy rights they don't retain? Learn how to create effective employee privacy policies in this expert response. Ask the Expert
-
How to prepare for a FERPA audit
Does your educational institution have to comply with FERPA? David Mortman, security management expert, explains what FERPA requires for school records and what to do when your FERPA audit is right around the corner. Ask the Expert
-
How would you define the responsibilities of a data custodian in a bank?
Data security is incredibly important for financial institutions, and it's the data custodian's job to make sure that data is safe. Security management expert Mike Rothman explains more. Ask the Expert
-
How to prevent audit-logging system from storing passwords?
In this SearchSecurity.com Q&A, security pro Mike Rothman discusses several ways to prevent your audit systems from storing passwords or other personal information. Ask the Expert
-
How can a CSO determine if a company has a data security problem?
In this SearchSecurity.com Q&A, security management expert Mike Rothman examines certain areas that a CSO should focus on, such as internal policy documents and penetration test results, to determine if a corporation has a data security breach proble... Ask the Expert
-
Can keyloggers monitor mouse clicks and keyboard entries?
Keyloggers may be a security manager's best friend, especially if he or she wants to monitor an employee's keyboard entries. Keyloggers can't do it all, though, says application expert Michael Cobb. Ask the Expert
- See More: Expert Advice on Data Privacy and Protection
-
Cyber Intelligence Sharing and Protection Act of 2011 (CISPA)
The Cyber Intelligence Sharing and Protection Act (CISPA) of 2011 is a proposed United States federal law that would allow for the sharing of Web data between the government and technology companies. Definition
-
cypherpunk
Cypherpunk, a term that appeared in Eric Hughes' "A Cypherpunk's Manifesto" in 1993, combines the ideas of cyberpunk, the spirit of individualism in cyberspace, with the use of strong encryption (ciphertext is encrypted text) to preserve privacy. Definition
-
Data Encryption Standard (DES)
Data Encryption Standard (DES) is a widely-used method of data encryption using a private (secret) key that was judged so difficult to break by the U.S. government that it was restricted for exportation to other countries. Definition
-
P3P (Platform for Privacy Preferences)
P3P (Platform for Privacy Preferences) is a protocol that specifies a way to determine if a Web site's security policies meet a user's privacy requirements. Definition
-
PCI tokenization: Credit card security policy guidance
Experts Diana Kelley and Ed Moyle discuss the PCI guidelines on tokenization, and how the technology could aid your enterprise. Video
-
RSA 2011 preview: Compliance
In this RSA Conference 2011 preview video, SearchSecurity.com News Director Robert Westervelt moderates a discussion on a wide variety of compliance issues. Speakers include SearchSecurity.com Senior Site Editor Eric Parizo, and Research Director Jos... Video
-
What you need to do for MA 201 CMR 17 compliance
In this video, expert Richard Mackey outlines the steps that every organization must take to comply with Massachusetts 201 CMR 17 data protection law. Video
-
Q&A: Forrester's Chenxi Wang discusses cloud compliance
Forrester's Chenxi Wang discusses cloud compliance and the issues involved with maintaining compliance with PCI, SOX and HIPAA and using cloud-based services. Video
-
How to evolve your compliance program as technologies and mandates change
This video describes how organizations can effectively interpret particular requirements from regulations such as HIPAA and PCI and implications these interpretations have on compliance activities, administration, and auditors. Video
-
Raising the bar on compliance success
By now, most enterprises have established baselines for reporting on foundational IT controls. They've also leveraged control frameworks and resident technologies to assist in logging, auditing and reporting. The next milestone is to "raise the bar" ... Video
-
Data Accountability and Trust Act
Attorney David Navetta discusses the proposed DATA law, including the similarities and differences with existing state data privacy laws. Video
-
Compliance in the cloud
Rena Mears, global and U.S. privacy and data protection leader at Deloitte, discusses how cloud computing is transforming data classification and security. Video
-
PCI compliance requirement 3: Protect data
Ed Moyle and Diana Kelley review Requirement 3 of the Payment Card Industry Data Security Standard: Protect cardholder data. It's not as simple as it sounds. Video
-
Federal efforts to secure cyberinfrastructure
RSA 2009: Former White House senior advisor Paul Kurtz and James Lewis, director of technology policy at the Center for Strategic and International Studies, talk about the state of cybersecurity readiness at the federal level. Video
- See More: Multimedia on Data Privacy and Protection
- See More: All on Data Privacy and Protection
About Data Privacy and Protection
Get information and advice on data protection and privacy policy, laws and issues. Learn best practices on data theft prevention and how to avoid a data privacy incident.