Archive for the ‘Privacy and Compliance’ Category
Lack of testing, lack of built-in security, and inadequate protection for stored data lead list of PCI noncompliance items
Tuesday, October 2nd, 2007
I figured that since the PCI DSS compliance deadline for Level 1 merchants was this past Sunday that there would probably be a ton of published news reports about it on Monday. There were…and today as well! One that caught my eye was in eWeek on Monday, “Comparison Shows Very Little Shift in PCI Failures.”
ABN Amro PII Breached Through P2P: Lessons Learned
Monday, October 1st, 2007
Much is written about the risks P2P presents to organizations, but many organizations continue to implement P2P technologies, or more accurately allow their personnel to implement them on computers used for business, because they are willing to risk that the threat theories will not materialize within their own organizations.
The Need to Partner Privacy and IT Efforts *FINALLY* Makes The News!
Sunday, September 30th, 2007
I have long been promoting the concept…more accurately, the NEED…of having IT/Information Security and Privacy (often in the legal area) work closely together, not only so that each area is the most effective and efficient in its efforts, but also to ensure that no conflicting messages are being sent and no gaps exist in addressing these issues. It is additionally good for and improves business to have these areas work closely together; there are at least 20 overlapping topics these areas work on. Unfortunately, too often the Privacy and IT/Information Security areas do not even come close to working together.
A Hospital Actively Enforcing HIPAA Requirements!
Saturday, September 29th, 2007
It is great to see a story published about a hospital, actually any type of organization that is a covered entity (CE), that is actively and seriously trying to be in compliance with HIPAA requirements.
4 Drivers For PCI DSS Compliance
Friday, September 28th, 2007
Canadian Privacy Commissioners Release TJX Investigation Report
Tuesday, September 25th, 2007
Yesterday the Office of the Privacy Commissioner of Canada and the Office of the Information and Privacy Commissioner of Alberta released their “Report of an Investigation into the Security, Collection and Retention of Personal Information” concerning the TJX breach. The investigation was performed to determine if, and if so to what extent, the incident was a violation of Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and/or the Personal Information Protection Act (PIPA).
Security and Privacy Pros Believe…Yes! Privacy Still Does…Or At Least Can…Still Exist!
Monday, September 24th, 2007
Last Friday I had the pleasure of discussing the question of, “Do We Have Privacy Anymore” with a group of highly regarded information security and privacy pros, including:
Use COSO for SOX and Other Compliance Activities
Sunday, September 23rd, 2007
On September 17 the COSO “Guidance on Monitoring Internal Control Systems” discussion document was released, with public comment on the paper being accepted until October 31.
A Military Grade Encrypting Self-Destructing USB Drive Makes A Great Gift!
Saturday, September 22nd, 2007
This morning I was doing some of my Christmas gift shopping…yes, I like to get mine done early! 🙂 Anyway, I’m thinking about getting an Ironkey encrypted USB drive for some of my relatives who are in dire need of protecting their information better.
Deloitte Survey Shows the Need for Effective Training
Wednesday, September 19th, 2007
Deloitte Touche Tohmatsu just released their “2007 Global Security Survey” report.