Manage

Audit and compliance planning

• Security management plan reveals essential business security upgrades

  As companies create their security management plan for the coming year, they should look to upgrades in Linux and Windows operating systems, Adobe applications and Internet browsers to improve their overall security position. Continue Reading

• PCI DSS requirement: Maintaining a vulnerability management program

  The third PCI DSS focus area requires antivirus software, secure coding practices, patch management and change control processes be in place. Continue Reading

• Inside Ryder Truck Rental's PCI compliance project

  In 2007, Julio Gonzalez, director of IT, GRC and network operations at Ryder Truck Rental, kicked off a PCI project aimed at addressing any credit card exposures. Continue Reading

• PCI DSS requirement: Building and maintaining a secure network

  The first PCI focus area requires a set of documented configuration standards, perimeter and endpoint protection. Continue Reading

• Five things to do before your first PCI DSS compliance audit

  Put these steps in motion before your organization's first PCI DSS compliance audit. Continue Reading

• How to choose an external compliance auditor

  Headed for a PCI DSS, HIPAA or Sarbanes-Oxley audit? Picking the right auditor is a key decision; select one who becomes a business partner, ally and educator.Continue Reading

• PCI DSS: Writing an information security policy

  The final set of PCI requirements relates to maintaining a security policy, and also addresses awareness training, personnel screening and managing service provider relationships.Continue Reading

• PCI DSS requirements include strong access control procedures

  The fourth focus of PCI DSS requirements governs how organizations enable and restrict access to cardholder data and limit physical access to cardholder data.Continue Reading

• Midmarket security governance: Develop an IT engagement model

  Midmarket IT organizations may follow an engagement model that facilitates the integration of information security into the business.Continue Reading

• Fact or fiction: Building upon existing compliance infrastructure

  In a fast-paced "fact or fiction" format, Burton Group's Trent Henry will discuss the must-have compliance technologies and how an organization can piggy-back existing infrastructure to satisfy the regulators.Continue Reading

• Consider a compliance-driven security framework

  Midmarket companies bound to regulations such as PCI DSS, HIPAA and Sarbanes-Oxley should consider using these requirements as the basis for their security programs.Continue Reading

• When filling out the PCI DSS questionnaire, is it important to provide documentation?

  It's time to fill out the PCI DSS questionnaire, but management has said that it's no big deal, there's no need to provide accompanying documentation. But what will happen when an auditor comes knocking? Security management expert Mike Rothman ...Continue Reading