Tips

Tips

Audit and compliance planning

• Choosing the best security certifications for your career

  Whether starting your career or planning your next step as an IT security professional, this tip will guide you toward the best certifications for your interests and experience.  Continue Reading

• Security management plan reveals essential business security upgrades

  As companies create their security management plan for the coming year, they should look to upgrades in Linux and Windows operating systems, Adobe applications and Internet browsers to improve their overall security position.  Continue Reading

• PCI DSS 2.0 and virtualization compliance for SMBs

  PCI DSS 2.0, which debuts this month, includes key changes for SMBs in the areas of virtualization and vulnerability assessments. Expert Mike Chapple details the changes and explains what midmarket firms must do to comply.  Continue Reading

• PCI DSS requirement: Maintaining a vulnerability management program

  The third PCI DSS focus area requires antivirus software, secure coding practices, patch management and change control processes be in place.  Continue Reading

• How to create a compliance, audit program

  When it became difficult for everyone to keep up with internal audit obligations, Diane Kissel, IS risk and compliance manager at the facility, helped create a compliance program.  Continue Reading

• PCI DSS requirement: Building and maintaining a secure network

  The first PCI focus area requires a set of documented configuration standards, perimeter and endpoint protection.  Continue Reading

• Encryption basics: How asymmetric and symmetric encryption works

  Before you encrypt your files, emails and Web transactions, make sure you know the cryptography basics.  Continue Reading

• Five things to do before your first PCI DSS compliance audit

  Put these steps in motion before your organization's first PCI DSS compliance audit.  Continue Reading

• How to choose an external compliance auditor

  Headed for a PCI DSS, HIPAA or Sarbanes-Oxley audit? Picking the right auditor is a key decision; select one who becomes a business partner, ally and educator.  Continue Reading

• PCI DSS: Writing an information security policy

  The final set of PCI requirements relates to maintaining a security policy, and also addresses awareness training, personnel screening and managing service provider relationships.  Continue Reading

• PCI DSS requirement: Monitoring and testing security

  The fifth focus area of PCI-DSS requires regular monitoring of systems and activity, as well regular testing of controls.  Continue Reading

• PCI DSS requirements include strong access control procedures

  The fourth focus of PCI DSS requirements governs how organizations enable and restrict access to cardholder data and limit physical access to cardholder data.  Continue Reading

• PCI DSS requirement: Protect cardholder data

  The second PCI DSS focus area spells out how organizations must secure cardholder data they store and transmit.  Continue Reading

• How to achieve PCI DSS compliance in a midmarket business

  Learn about PCI DSS compliance for a midmarket business, including the standard's six areas of focus and how to document your organization's compliance.  Continue Reading

• Midmarket security governance: Develop an IT engagement model

  Midmarket IT organizations may follow an engagement model that facilitates the integration of information security into the business.  Continue Reading