SEARCH RESULTS
 
Showing 1-10 of 342 records
 

Reverse Compliance or "Logs as Proof of Incompetence?"

2008-05-06 17:27:00 by Dr Anton Chuvakin in Anton Chuvakin Blog

...compliance (including my book chapter) and overall logging for compliance. How about "reverse compliance" against logs? Whaaaat? WTF is "reverse compliance"? "Reverse compliance" is a motivation to purposefully avoid technologies that have a chance of telling you that you are NOT in compliance. Sadly, logging is featured very high on the list...
 
 
 
 
 

Leveraging Compliance For Security

2008-02-18 18:15:05 by dmortman in securosis.com
 
...compliance Sarbanes-Oxley, GLBA, PCI, and there will undoubtedly be more in the coming years. As a result, vendors are pushing all sorts of products that purport to help solve the compliance problem. However, compliance is not a technology problem; it's a business problem which needs a business solution. By instituting sustainable business...
 
 
 
 
 

Are current vulnerability and compliance testing tools like answering the phone at 3am?

2008-05-19 23:16:18 in StillSecure, After All These Years

...compliance testing last week. The requirements for this customer were not unusual. They wanted to test for conventional CVE type vulnerabilities. Additionally, they also wanted to test for configuration compliance. Hotfixes, patch level, AV, etc. This direction is where a lot of the traditional vulnerability management solutions have been...
 
 
 
 
 

Is there a "silver bullet" to IT Compliance Management?

2007-12-06 13:12:00 by Ryan Shopp in practical risk management

...Compliance Management by: Ryan Shopp A few times I've found myself getting confused or having trouble explaining the relationships between policies, standards, controls, audits, etc. when answering questions about IT Compliance & Risk Management. I came across a great two part thread in my blog reader that helped crystallize things for me....
 
 
 
 
 

PCI compliance, building the base

2008-06-12 11:54:22 by Burton Group in Security and Risk Management Strategies Blog
 
...compliance for SMBs? Well the process of PCI certification is similar to what a military branch would do to secure their information. Enterprises identify and classify what data falls under PCI compliance. They validate that the systems that contain the information are controlled properly and are locked down through processes and...
 
 
 
 
 
 
 
 
 
 

PCI compliance are you just checking the box?

2007-11-14 22:05:00 by Patrick McGregor in Data Protection, Management and Leakage
 
...compliance box instead of embracing the business benefits that PCI compliance can bring. Is there value beyond just checking the box? Yes. PCI compliance efforts deliver significant value beyond the immediate data protection benefits. As part of becoming compliant, many retailers are being forced to rethink their systems, data paths, security...
 
 
 
 
 

Is PCI compliance creating a false sense of security?

2008-03-28 09:44:50 by Burton Group in Security and Risk Management Strategies Blog
 
...compliance statement Hannaford Supermarkets has been certified as compliant with the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS is recognized as the accepted industry security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical...
 
 
 
 
 