What is the byproduct you'd expect from a firm that promises to come in to your organization to conduct a compliance mapping of all your regulatory controls?
We have an outside vendor located on our premises making credit card sales. If they are not PCI compliant, and/or if their data becomes compromised, what is our liability, considering it will be our shared customer who is affected?
PCI compliance, IT Compliance, Payment Card Industry Data Security Standard
A compliance officer in Europe could use some advice from fellow IT professionals and executives. His IT budget is being scrutinized, as is the case in every organization in 2009; he needs targets to get things done more efficiently but without taking on more risk. His department is evaluating...
Needs to identify named users in JDE World and One World to ensure compliance with Oracle Licenses. A user may have multiple profiles in multiple environments, which in Oracle's eyes would be counted as one named user. We are looking at using the following fields to capture a unique identifier...
We’re trying to comply with the Payment Card Industry’s PCI DSS requirements. We have a home-grown ERP system running on an IBM iSeries computer that stores and processes credit cards taken over the phone and by mail. We also have a website hosted on another iSeries computer. The site uses a...
When benchmarking a SAS70 audit to determine if the necessary controls were audited, what standards do you use as guidance to determine the controls to be tested and the control objectives? Does IT rely on internal audit for guidance or do you have your IT processes documented?
Are inter-department email groups in a multinational bank subject to any US/UK financial regulation on data retention times? E.g. emails sent to an IT department's group mailbox which receives requests from other departments in the organisation... e.g. legal restore requests, trader restore...
Hi, I'm studying for an MSc in Information Security from Royal Holloway University of London, I have a B.Engg. degree in computers and a PG Diploma in Networking and Communication as well as the CCSA and CCNA. I'm also studying for the CISSP. Now, with all these qualifications, could you please...
We are a company with experience in remote network administration, and now we have opened a new area, the area of security. Now I need to start making new procedures, like when a new customer comes to us and asks if we can handle the security for his network... I need to know if someone can...
How can software for URL/content filtering or mail scanning be made compliant with HIPAA, the Sarbanes-Oxley Act, etc.? What features are required to be implemented to make it compliant?
I work at a company that currently does not have a position dedicated to information security. I come from a background in networking with a good portion of my focus on firewalls and other security related technologies. I am interested in positioning myself into the role of InfoSec Admin at my...
Hi all, is it possible to have one link from a switch to an access point and split the network into two networks, a wireless network from the AP and a wired port for a user connected through RJ45, and still keep it secured?
I have a question concerning the scope of IT support. To what extent should the IT Department support vendor items purchased that perform a specific function for other departments? Specifically, items that require the support of the third-party vendor. For example we have a time and attendance...
We are currently attempting to implement a Blue Socket Gateway in order to authenticate our wireless clients. I have been instructed by Blue Socket that the certificate used by them will not work through a NAT translation and that I should put this device on the outside of my ASA firewall. ...
Hello, I have a small workgroup of 10 computers in my office. I do some personal work in the office like using Yahoo Messenger, checking personal e-mails and some online banking site. But how does one of my seniors know it? I do everything alone and securely so that nobody in the office knows it....
Is there an enterprise-wide software management program that can manage access to our web-based applications, vendor-specific programs located throughout the entire company, and our MS applications, including MS Outlook? In other words, we would like to control all of the various software programs...
Disaster Recovery, Identity & Access Management, Digital certificates
I have been receiving security alert messages from our firewall nearly every day. e.g. TCP Packet - Source:144.120.8.89,39341 Destination:192.168.1.1,25 - [DOS] TCP Packet - Source:210.7.0.36,3473 Destination:210.7.12.23,135 - [DOS] Thu, 2006-10-19 16:30:03 - UDP Packet -...
I have a client that needs to record video and audio of sessions with their patients to become and maintain a specific certification. There will be eight professionals who need to do this. They would like to be able to record and move to DVD the sessions in the easiest way. The sessions are two...
We have the problem that in a multiuser environment users either lock their computers, or have the screensaver automatically lock it, and leave the workstation. As a result, nobody else can use that computer. By default, only the current user or an administrator can unlock the computer. I would...
We are currently in the middle of figuring out the approach we are going to take in regard to a user having admin rights on their system. Typically we set up a new user as an administrator on their system when they are logged into the domain. They don't have a local admin account on the system,...


