Podcast archives - IT Compliance Advisor


Sep 1 2009   4:57PM GMT

Anton Chuvakin on PCI DSS compliance, security and nonprofits



Posted by: Alexander Howard
Payment card industry, Payment Card Industry Data Security Standard, PCI DSS, Security, compliance, podcast

When it comes to meeting the requirements of the Payment Card Industry Data Security Standard (PCI DSS), the mantra of the moment is compliance, not security. Anton Chuvakin, a well-known expert on PCI DSS compliance, offers a number of recommendations for nonprofits in this podcast. Simply put, trust matters more when your relationship with donors is at risk.


When you listen to the interview, recorded with SearchCompliance.com Associate Editor Alexander B. Howard, you’ll hear more about how to minimize risk, the wisdom of outsourcing and why you should focus on the core mission of the nonprofit, not software development.


Jul 29 2009   2:27PM GMT

Cloud computing data security creates challenges for compliance officers



Posted by: Scot Petersen
podcast, Cloud computing, compliance, risk, data center, Security, encryption

Cloud computing is just another form of outsourcing, and like outsourcing, it comes with its own set of risks and compliance challenges. As the data center begins to disappear into the cloud, data security tops the list.

But is encryption, specifically public key infrastructure, up to the task of protecting data that could reside anywhere? Will standards emerge that will govern the relationship between data owners and cloud service providers?

In this Compliance Advisor podcast, security expert Steven Ross discusses the compliance issues of the “disappearing data center” with SearchCompliance.com Executive Editor Scot Petersen.

Podcast audio: Cloud computing compliance (15:12)


Jul 21 2009   5:58PM GMT

Freerisk financial risk modeling services challenge S&P, Moody’s



Posted by: Scot Petersen
risk, financial risk, Freerisk, S&P, Moody's, podcast, XBRL

In the wake of the financial meltdown triggered by the subprime mortgage crisis in the fall of 2008, credit ratings agencies like Moody’s and Standard & Poor’s became the focus of some of the blame. Did they ignore key risk indicators that would have alerted investors much earlier to the house of cards that would come crashing down? In this Compliance Advisor podcast, Jesper Andersen, co-founder with Toby Segaran of Freerisk.org, discusses their open financial services project, which will offer data, algorithms and tools to perform financial risk modeling.

Find out the origins of Freerisk and its philosophy, its position on XBRL and how it plans to work with Moody’s and S&P to create a more transparent ratings process.

Podcast audio: Freerisk challenges Moody's, S&P (13:40)


Jul 7 2009   5:50PM GMT

Unleashing the potential of sustainable business practices



Posted by: Scot Petersen
podcast, sustainability, carbon, Obama, compliance, energy

President Obama met with business leaders on July 2 to discuss not only how businesses can reduce their carbon footprint and energy consumption, but also how these efforts can be of benefit to the businesses financially and to the economy in creating the opportunity for new jobs.

In this Compliance Advisor podcast, Hara CEO Amit Chatterjee, who was at the Obama meeting, discusses why sustainability is important now and how businesses can use sustainable business practices to improve operations and fuel growth.

Podcast audio: Unleashing the potential of sustainable business practices (15:24)


Jun 17 2009   7:16PM GMT

Don’t forget business model risk in your risk management strategy



Posted by: Scot Petersen
CIO, risk management, business model risk, MIT, podcast, SOX, business process automation, ERP, IT

The MIT Sloan CIO Symposium on May 20 in Cambridge, Mass., featured several panels on the top issues affecting CIOs. But one panel on governance, risk and compliance afterwards produced the most interesting discussion of the day, for me at least, when I caught up with two Patni Americas Inc. directors, Amit Sen and John Vaughan, also in attendance.

The two management consultants are proponents of expanding the definition and practice of risk management to include business model risk — that is, risk introduced into your company by new or changed capital ventures or business processes. In their view, business process automation has run amok, leaving the business (as well as the IT organization) exposed to risks that it might not be aware of.

“What we need to understand is where we are introducing risks, and the risk is understood and planned and not a byproduct of a lack of knowledge or visibility into what actually goes on in the organization,” said Sen in the following podcast, recorded this week. In the podcast, Sen and Vaughan explain what business model risk is, how to measure and understand it, and how to make business model risk a key part of any risk management and IT governance strategy.

Podcast audio: Don't forget business model risk in your risk management strategy (29:00)


May 27 2009   4:51PM GMT

Zero liability limits legal recourse for PCI data breach violations



Posted by: Scot Petersen
PCI, compliance, Heartland, Hannaford, data breach, credit card, podcast

The recent dismissal of lawsuits against retailer Hannaford raises questions about what recourse consumers have if they are victims of a credit card data breach.

In this Compliance Advisor podcast, PCI expert and e-commerce writer Evan Schuman, of Storefrontbacktalk.com, discusses the “zero-liability domino effect” that protects retailers in the case of a data breach.

Meanwhile, Heartland Payment Systems is continuing to fight back against its data breach, and recently announced an aggressive transaction encryption plan, though it still may not prevent thefts of internal data.

Podcast audio: Zero liability limits legal recourse for PCI data breach violations (12:06)


May 18 2009   12:58PM GMT

Podcast: OWASP’s Hess on security and compliance in the cloud



Posted by: Alexander Howard
Security, Cloud computing, OWASP, Chief information security officer, Application security, Health care, podcast, compliance, cloud compliance

Today’s episode features an interview with Georg Hess about Web application security and compliance in the cloud. Hess is the founder of application security provider Art of Defence and current German chapter head of the Open Web Application Security Project (OWASP).

The OWASP membership includes corporations, educational organizations and individuals from around the world. OWASP’s community works to create freely available articles, methodologies, documentation, tools and technologies.

Podcast audio: OWASP's Hess on security and compliance in the cloud (23:41)

When you listen to the podcast, recorded by associate editor Alexander B. Howard, you’ll learn the answers to the following questions:

  • How are the security challenges that OWASP advises others on changing?
  • OWASP recently published an Application Security Verification Standard. What does the standard mean?
  • What does establishing such a standard mean for chief information security officers (CISOs) and compliance officers who are considering cloud computing?
  • What other security standards are being established for the cloud or need to be created?
  • What compliance issues do companies face when implementing cloud computing?
  • How can cloud providers offer secure cloud offerings?
  • How can security and compliance officers confirm that they are doing so?
  • What do banking and health care CISOs who are considering adopting cloud models need to know?
  • How are threats to Web application security evolving?
  • What do compliance and security officers need to know — and do — to respond?
  • What other regulations do compliance officers need to be aware of in 2009?


May 5 2009   12:37PM GMT

Podcast: HITECH Act adds new compliance requirements, penalties



Posted by: Alexander Howard
Health Insurance Portability and Accountability Act, HITECH Act, Security, Health Information Technology for Economic and Clinical Health, Health care, Information technology, Google, Information security, compliance, podcast

The Health Information Technology for Economic and Clinical Health (HITECH) Act, sometimes referred to as “HIPAA 2,” introduces new compliance requirements, penalties and incentives for the adoption of electronic health records. In this podcast from SearchCompliance.com, privacy expert Rebecca Herold talks with associate editor Alexander B. Howard about the HITECH Act and its implications for compliance and information security professionals.

Podcast audio: HITECH Act adds new compliance requirements, penalties (26:01)

When you listen to the podcast, you’ll learn the following:

  • What is HITECH?
  • What is generally required by HITECH?
  • Who is affected by HITECH and its compliance requirements?
  • What is the role of information technology in HITECH?
  • What are the penalties for noncompliance in HITECH?
  • How does HITECH differ from HIPAA?
  • How will HITECH change electronic health care and the jobs of health care CIOs?

Herold is an information privacy, security and compliance consultant, and a frequent contributor to SearchCompliance.com. You can read her blog at Realtime-ITCompliance.com and follow her on Twitter at @PrivacyProf.



Apr 27 2009   5:45PM GMT

Kodak CISO on meeting today’s compliance challenges



Posted by: Alexander Howard
Security, compliance, CISO, risk management, podcast, RSA Conference, Chief information security officer, Eastman Kodak

In this IT Compliance Advisor podcast from SearchCompliance.com, associate editor Alexander B. Howard interviews Bruce Jones, chief information security officer (CISO) at Eastman Kodak Co.

Over the course of the wide-ranging interview, recorded on-site at RSA Conference 2009 in San Francisco, Jones discusses the challenges he faces as the CISO of a global multinational company. Listen to the podcast to learn:

  • What innovations he has introduced to meet today’s compliance challenges.
  • How he aligns risk, compliance and security at Kodak.
  • How Kodak approaches forming and following a compliance strategy.
  • What his biggest pain points are in meeting compliance requirements, and how he is addressing them.

Podcast audio: Kodak CISO on meeting today's compliance challenges (11:18)



Apr 21 2009   3:56PM GMT

The future of compliance policy management



Posted by: Scot Petersen
compliance, risk, Security, management, future, policy, podcast

Compliance is not just “one thing” for businesses anymore. Compliance has become a broad subject like “finance” or “security,” with many sub-topics underneath that umbrella. The best strategy for the range of compliance policy management issues facing IT and business managers today is to take a risk-based approach, says compliance and security consultant Kevin Beaver. In this week’s edition of the IT Compliance Advisor podcast, find out where big and small businesses should be focusing their compliance management efforts.

Podcast audio: The future of compliance (10:23)