Posts Tagged ‘PCI’

Supporting Compliance With ITIL
Tuesday, December 18th, 2007
Organizations have faced legal and regulatory requirements for literally decades. However, IT compliance is relatively young.
U.S. healthcare organizations reacted with alarm over the passage of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. U.S. financial organizations soon followed suit with their reaction to the passage of the Gramm-Leach-Bliley Act (GLBA), also known as the Financial Modernization Act, of 1999. But probably the biggest whammy felt by the largest number of organizations was the passage of the Sarbanes-Oxley (SOX) Act of 2002.

Lack of testing, lack of built-in security, and inadequate protection for stored data lead list of PCI noncompliance items
Tuesday, October 2nd, 2007
I figured that since the PCI DSS compliance deadline for Level 1 merchants was this past Sunday that there would probably be a ton of published news reports about it on Monday. There were…and today as well! One that caught my eye was in eWeek on Monday, “Comparison Shows Very Little Shift in PCI Failures.”
Retail Locations Have Unique Challenges With PCI DSS Compliance
Friday, July 27th, 2007
I’ve been intrigued lately with PCI DSS compliance. It has all retailers on edge, has multiple vendors drooling, and has spawned new laws and bills, such as in Minnesota and Texas. I’ve had interesting discussions about it with those who process credit card payments, and I’ve been doing some research into the various issues.
PCI DSS and Identity Theft
Monday, July 23rd, 2007
Over the past month or so I’ve been discussing the Payment Card Industry (PCI) Data Security Standards (DSS) with some of my information assurance practitioner friends and colleagues and what they’ve been doing to meet the requirements and accompanying challenges. I was thinking about some of the issues over the weekend.
PCI DSS and GLBA Compliance & Privacy Breach: Lawsuits Filed Against TJX
Sunday, February 4th, 2007
Let’s look at the events that have occurred with the recent TJX computer hack and resulting privacy breach and identity thefts:
Regulatory Compliance Actions Must Include Effective, Ongoing Awareness and Training Efforts
Friday, December 29th, 2006
A great article was published on Law.com today written by Ryan Sulkin, “First Line of Defense Against Data Security Breaches: Employees.”
There are several points made that I hope business leaders read and take to heart.