SEARCH RESULTS
 
Showing 1-10 of 453 records
 

Reverse Compliance or "Logs as Proof of Incompetence?"

2008-05-06 17:27:00 by Dr Anton Chuvakin in Anton Chuvakin Blog
 
...compliance (including my book chapter) and overall logging for compliance. How about "reverse compliance" against logs? Whaaaat? WTF is "reverse compliance"? "Reverse compliance" is a motivation to purposefully avoid technologies that have a chance of telling you that you are NOT in compliance. Sadly, logging is featured very high on the list...
 
 
 
 
 

A Few More Words on DLP and Compliance

2008-08-15 14:51:00 by Dr Anton Chuvakin in Anton Chuvakin Blog
 
...compliance. At first, it was truly amazing to me that DLP vendors "under-utilize" compliance in their messaging. In other words, they don't push the "C-word" as strongly as many other security companies. Compliance dog doesn't snarl at you from their front pages and it doesn't bite you in your ass when you read the whitepapers, etc. Sure, it...
 
 
 
 
 

Compliance is critical

2008-07-15 15:25:12 by JonesJ in RiskAnalys.is
Compliance has been getting a bad rap lately, and I'm here to set the record straight: compliance is CRITICAL. Now, those of you who know me are probably picking your jaws up off the floor and asking whether I've suffered a stroke, have started drinking heavily, or have a gun pressed to my temple by a regulator or someone from the PCI lobby. Nope. I...
 
 
 
 
 

Fun Reading on Security and Compliance #10

2008-12-09 10:13:00 by Dr Anton Chuvakin in Anton Chuvakin Blog
 
...Compliance." Here is an issue #10, dated December 8th, 2008 (read past ones here). I admit that some stuff has been sitting in my 2blog queue for way too long, but you know what? If it is relevant after a few weeks of cooling down, it is even more worth reading. SOA Security in Real Life: if you have to read up on SOA security, you really...
 
 
 
 
 

Are current vulnerability and compliance testing tools like answering the phone at 3am?

2008-05-19 23:16:18 by HASH0x8af1430 in StillSecure, After All These Years
 
...compliance testing last week. The requirements for this customer were not unusual. They wanted to test for conventional CVE type vulnerabilities. Additionally, they also wanted to test for configuration compliance. Hotfixes, patch level, AV, etc. This direction is where a lot of the traditional vulnerability management solutions have been...
 
 
 
 
 

Is there a "silver bullet" to IT Compliance Management?

2007-12-06 13:12:00 by Ryan Shopp in practical risk management
...Compliance Management by: Ryan Shopp. A few times I've found myself getting confused or having trouble explaining the relationships between policies, standards, controls, audits, etc. when answering questions about IT Compliance & Risk Management. I came across a great two part thread in my blog reader that helped crystallize things for me....
 
 
 
 
 

PCI compliance, building the base

2008-06-12 11:54:22 by Burton Group in Security and Risk Management Strategies Blog
 
...compliance for SMBs? Well the process of PCI certification is similar to what a military branch would do to secure their information. Enterprises identify and classify what data falls under PCI compliance. They validate that the systems that contain the information are controlled properly and are locked down through processes and...
 
 
 
 
 

PCI compliance: are you just checking the box?

2007-11-14 22:05:00 by Patrick McGregor in Data Protection, Management and Leakage
 
...compliance box instead of embracing the business benefits that PCI compliance can bring. Is there value beyond just checking the box? Yes. PCI compliance efforts deliver significant value beyond the immediate data protection benefits. As part of becoming compliant, many retailers are being forced to rethink their systems, data paths, security...