- Audit and compliance planning
- Choosing security services
- End user training and awareness
- Risk assessments and metrics
- Writing and enforcing security policies
- PCI assessor and CISO: Work together for the best PCI ROC
  In a session at the SOURCE Boston conference, a PCI assessor and a CISO explain that there are ways to arrive at a report on compliance they can both appreciate. [News | 19 Apr 2012]
- PCI DSS 2.0 and virtualization compliance for SMBs
  PCI DSS 2.0, which debuts this month, includes key changes for SMBs in the areas of virtualization and vulnerability assessments. Expert Mike Chapple details the changes and explains what midmarket firms must do to comply. [Tip]
- PCI DSS requirement: Maintaining a vulnerability management program
  The third PCI DSS focus area requires that antivirus software, secure coding practices, patch management and change control processes be in place. [Tip]
- New Jersey bank fined $1 million for BSA violations
  FinCEN penalty against Pamrapo Savings Bank comes two months after the bank pleaded guilty to conspiracy to violate the Bank Secrecy Act. [Article | 03 Jun 2010]
- How to create a compliance, audit program
  When it became difficult for everyone to keep up with internal audit obligations, Diane Kissel, IS risk and compliance manager at the facility, helped create a compliance program. [Tip]
- Inside Ryder Truck Rental's PCI compliance project
  In 2007, Julio Gonzalez, director of IT, GRC and network operations at Ryder Truck Rental, kicked off a PCI project aimed at addressing any credit card exposures. [Podcast]
- PCI DSS requirement: Building and maintaining a secure network
  The first PCI focus area requires a set of documented configuration standards, perimeter and endpoint protection. [Tip]
- Encryption basics: How asymmetric and symmetric encryption works
  Before you encrypt your files, emails and Web transactions, make sure you know the cryptography basics. [Tip]
- PCI DSS checklist: Mistakes and problem areas to avoid
  Experts share lessons learned by midmarket companies trying to comply with PCI DSS in areas such as self-assessment questionnaires, encryption, policy creation and application security. [Article | 26 Jan 2010]
- Five things to do before your first PCI DSS compliance audit
  Put these steps in motion before your organization's first PCI DSS compliance audit. [Tip]
More on: Audit and compliance planning
- Three portable data storage encryption methods
  Mike Chapple looks at three ways to encrypt sensitive data while it's stored on portable media. [Tip]
- Security mergers and acquisitions strategy: Questions you need to ask
  Your security vendor has just been acquired. Learn the questions you need to ask and the answers you need to hear. [Tip]
- How to choose online data backup services for data protection
  SaaS-based data backup cuts costs and management overhead, but you're not outsourcing your security responsibilities. [Tip]
- Securosis takes aim at midmarket security needs
  Editorial Director Michael S. Mimoso talks with the crew at analyst firm Securosis about how the company's research will target midsized companies. [Podcast]
- Email security and SaaS for midmarket companies
  Learn more about whether an email SaaS provider is right for your company, and how to choose one that offers the features you need. [Video]
- How to choose hosted Web security services
  Hosted Web security services that analyze Web traffic for malware are an attractive alternative to on-premise Web security gateways. [Tip]
- How to build the right managed security service level agreement
  Midmarket companies have little leverage in contractual negotiations with large managed security service providers, and should look toward smaller MSSPs for more flexibility in defining service level agreements. [Article | 06 Aug 2009]
- Avoid compliance mistakes as you outsource
  Providers may be required to be compliant with PCI, but that doesn't liberate merchants from liability in the event of a breach. [Article | 06 Jul 2009]
- Software-as-a-service a good choice for fighting spam
  SaaS allows midmarket companies with small IT staffs to offload the workload and expertise needed to fight the flood of spam inundating their email servers. [Tip]
- NAC Basics: Implementation and integration
  What is NAC, how can you know if it's right for your business, and how can you implement a NAC configuration? In this second video of a two-part series, Joel Snyder explains NAC implementation and integration basics. [Video]
More on: Choosing security services
- Social networks take on greater weight in infosec training programs
  During a session at InfoSec World 2010, a speaker urged companies to take advantage of the benefits of social networking but also to address the risks in a security training program. [Article | 21 Apr 2010]
- Critical infrastructure defense is distributed, says NERC security chief
  NERC security officer Michael Assante said the national cybersecurity defense and threat strategy is a shared responsibility among today's corporate security professionals. [Article | 20 Apr 2010]
- Bruce Schneier on outsourcing, awareness training
  At the 2009 Information Security Decisions conference, security expert Bruce Schneier answered some of readers' burning security questions. [Video]
- What are the benefits of employee security awareness training?
  In this Q&A, security management expert Mike Rothman discusses the short-term and long-term benefits of employee security awareness training. [Tip]
- Pod slurping: The latest data threat
  Allow iPods in the office? Perhaps it's time to reevaluate that device policy, as iPods pose more danger to the corporate network than it might seem. In this tip, contributor Peter Giannoulis introduces Pod slurping, the latest hacking technique, and explains how revising corporate policies can prevent potential data leaks. [Tip]
- Midsized businesses not immune to attacks, data breaches, survey finds
  Midsized firms are seeing increased attacks and a rise in data breaches, according to a survey conducted by London-based Bloor Research. [Article | 13 Oct 2010]
- risk analysis
  Risk analysis is the process of defining and analyzing the dangers to individuals, businesses, and government agencies posed by potential natural and human-caused adverse events... [Definition]
- Are you too small for an email retention and archiving policy?
  Joel Snyder reviews how organizations, both large and small, should prepare their email retention and archiving policy. [Tip]
- Secure data destruction using a bootable Windows CD
  Tom Chmielarski reveals how one free, easy-to-use tool may be what prevents your valuable hard drive data from being sold on eBay. [Tip]
- Intelligent threat management podcast
  Listen to this podcast featuring security guru Joel Snyder to find out how and where to spend your security dollars to make the most impact. Learn unique ways of leveraging existing threat management investments to provide more insight into your security. [Tip]
- Marcus Ranum on cyberwarfare, infosec careers
  At 2009's Information Security Decisions conference, security expert Marcus Ranum sat down to answer some of readers' security questions. [Video]
More on: Risk assessments and metrics
- Write it down: Network security documentation basics
  Joel Snyder reveals the specific network security documentation that will help move disaster recovery plans along. [Tip]
- How to find a keylogger on your computers
  If a hardware or software keylogger made it onto one of your organization's machines, it would be a security pro's worst nightmare. Learn how to detect and defend against the malware. [Tip]
- Laptop full disk encryption: Debunking myths
  Mike Chapple reviews laptop full disk encryption and separates fact from fiction. [Tip]
- Panel debates 'buy vs. build' mobile device security policy management
  A panel discussion at InfoSec World 2010 focused less on the technology necessary to secure non-BlackBerry devices and more on the attendees' concerns with data privacy laws. [Article | 28 Apr 2010]
- clean desk policy (CDP)
  A clean desk policy (CDP) is a corporate directive that specifies how employees should leave their working space when they leave the office. Most CDPs require employees to clear their desks of all papers at the end of the day. [Definition]
- Acceptable use policy for Internet usage helps data protection efforts
  Acceptable use policies are an inexpensive, yet effective, control for limiting exposure to data breaches. [Tip]
More on: Writing and enforcing security policies