September 26, 2009 10:19 PM
Posted by: Charles Denyer
and debt collectors,
charles denyer,
consumers,
customers,
data centers,
GLBA,
loan brokers,
non-bank mortgage lenders,
privacy rules,
providers of real estate settlement services,
SAS 70,
some financial or investment advisers,
tax preparersGLBA Privacy Rule
Protecting the privacy of consumer information held by "financial institutions" and other third party vendors and service providers that provide “support services” to these “financial institutions” is at the heart of the financial privacy provisions of...
September 25, 2009 1:49 PM
Posted by: Charles Denyer
charles denyer,
co-location,
data centers,
health insurance portability and accountability act,
HIPAA,
managed services,
Payment Card Industry Data Security Standard,
PCI DSS,
SAS 70HIPAA compliance for data centers is fast becoming a hot topic in regulatory compliance. It first started with Statement on Auditing Standards No. 70 (SAS 70), it is now moving onto the Payment Card Industry Data...
August 29, 2009 1:53 PM
Posted by: Charles Denyer
charles denyer,
PCI DSS,
Protecting the Privacy of Social Security Numbers Act | S. 141,
SAS 70,
social security numbersCongress yet again is combating the fraud issues associated with private consumer information. The "Protecting the Privacy of Social Security Numbers Ac" (S. 141) is another good example of this.
Essentially, this bill encompasses...
August 29, 2009 1:43 PM
Posted by: Charles Denyer
charles denyer,
civil actions,
Data Breach Notification Act,
PCI DSS,
s. 139,
SAS 70,
Senator Dianne FeinsteinWell, Regulatory Compliance, Governance, and Security is alive and well in Washington, D.C. again. Don't be fooled to thinking that the current laws will be the end. The ongoing push for these initiatives, along with an added emphasis on privacy and the protection of the consumer, will continue. As...
August 29, 2009 1:31 PM
Posted by: Charles Denyer
charles denyer,
intrusion detection system,
merchants,
pci dss compliance,
qsa,
qualified security assessor,
report on compliance,
ROC,
service providers,
software code review,
two factor authentication,
web application firewallPCI DSS Compliance, especially on-site reviews conducted by a Qualified Security Assessor (QSA), can take an immense amount of time in completing and receiving one's Report on Compliance (ROC).
What most merchants and service providers fail to recognize is that there are numerous issues that could...
August 24, 2009 12:18 AM
Posted by: Charles Denyer
annual on site review,
charles denyer,
Level 2 merchants,
MasterCard SDP program,
PCI DSS,
qsa,
qualified security assessor,
self assessmentThe MasterCard SDP Program has essentially made changes that now require Level 2 Merchants to have an annual on-site review of their security controls by a Qualified Security Assessor (QSA) for purposes of complying with PCI DSS. Let me state for the record, as a QSA, this is big news. There are...
August 23, 2009 8:47 PM
Posted by: Charles Denyer
162,
45 CFR Parts 160,
and 164,
charles denyer,
health insurance portability and accountability act,
Health Insurance Reform: Security Standards,
HIPAA,
payment card industry data security standards,
PCI,
PCI DSS,
SAS 70,
The Department of Health and Human Services,
type IIHIPAA, The Health Insurance Portability and Accountability Act, has been with us for years now. Upon reading through the vast and cumbersome documentation, one quickly realizes that HIPAA has many moving parts, enough to make you...
August 23, 2009 5:01 PM
Posted by: Charles Denyer
130 million cards,
charles denyer,
data security breach,
merchants,
payment card industry data security standards,
PCI DSS,
service providersPCI DSS compliance has taken a lot of shots lately, much of it unfair. Sure, there have been a number of high profile data and security breaches, such as the recent compromise of 130 million payment (credit and debit) cards.
These stories create...
August 23, 2009 4:42 PM
Posted by: Charles Denyer
charles denyer,
gateways,
mastercard,
merchants,
payment card industry data security standards,
payment processors,
PCI DSS,
pci self assess,
qsa,
qualified security assessor,
self assessment,
self assessment questionnairesPCI DSS Compliance for merchants is a hot topic indeed as witnessed by the large and ever growing number of businesses having to comply with PCI DSS. And to be fair, the vast majority can “self-assess” for compliance by answering a series of questions...
