Sep 22 2009 2:23PM GMT
Posted by: Margaret Rouse
FISMA,
Compliance,
ICE,
Security
Today’s WhatIs.com Word of the Day is FISMA.
Sep 14 2009 5:32PM GMT
Posted by: Margaret Rouse
Compliance,
PCI compliance,
PCI compliance DSS
“In our view, if you peel off all the layers around the PCI Data Security Standards, you will see it for what it is in significant part, a tool to shift risk off the banks’ and credit card companies’ balance sheets and place it on others.”
Dave Hogan, as quoted in Cybersecurity hearing highlights inadequacy of PCI DSS
Today’s WhatIs.com Word of the Day is PCI compliance.
Jul 14 2009 2:22PM GMT
Posted by: Margaret Rouse
Mark Wright,
Massachusetts 201 CMR 17.00,
data encryption,
Privacy,
consumer protection,
Compliance
“Massachusetts is taking data encryption regulation to the next level by actually defining what is meant by encryption, and this definition includes all data that is in transition, in storage and on portable devices.”
Mark Wright, The Evolution of Data
From 201 CMR 17.00: STANDARDS FOR THE PROTECTION OF PERSONAL INFORMATION OF RESIDENTS OF THE COMMONWEALTH / Definitions section
“Encrypted,” transformation of data through the use of a 128-bit or higher algorithmic process, or other means or process approved by the office of consumer affairs and business regulation that is at least as secure as such algorithmic process, into a form in which there is a low probability of assigning meaning without use of a confidential process or key.
May 13 2009 5:36PM GMT
Posted by: Margaret Rouse
Security,
Compliance,
PCI DSS
Friday’s WhatIs.com Word of the Day is Payment Card Industry Data Security Standard, better known as PCI DSS. If you’ve ever had your debit card replaced without your asking, you’ve been affected by PCI DSS. The standard is managed by a consortium of credit card companies. David Taylor explains how (and why) merchants are hooking up to promote a new standard.
From its humble beginnings as an effort to rationalize and harmonize the Visa, MasterCard and AMEX security guidelines and turn them into a single standard, the PCI SSC continues to raise the bet by launching more and more standards to address different aspects of the payment security business: Payment application security (PA-DSS), PIN entry device security (PCI-PED), Hardware security modules (PCI HSM), Kiosk and ATM security (PCI UPT), etc.
Even though these standards are emerging through a participatory process, some merchants and vendors clearly see this game as “rigged” – run by the card networks, enforced by the card networks, with fines imposed by the card networks. The merchants and vendors may be allowed to offer advice; they are not “players” in the game. But now this could be changing.
Feb 6 2009 12:55PM GMT
Posted by: Margaret Rouse
Compliance,
change management,
risk management,
IT Governance
If you missed Kelly’s article when it first came out, take a moment and read through it. I bet you’ll learn something.
Key points I want to remember:
- Two of their most common reasons for failing an audit are poor documentation and poor training programs.
- It’s all about proving that data isn’t tampered with — from inside or out.
- Manage change in a consistent manner.
- Clearly define roles and permissions.
- Know who (and where) users are, what role they play and what permissions they have.
- Align physical security with IT security.
- Be ready to demonstrate how you monitor security.
- Be ready to demonstrate how you are able to detect and act on anomalies.
- Map security processes to business processes. A checklist isn’t enough.
Mar 4 2008 2:21AM GMT
Posted by: Margaret Rouse
Compliance,
SOX,
Video
Steven Zelin, the Singing CPA, sings a rather clever rendition of “Happy Birthday” to Sarbanes-Oxley.