CSOONLINE.com - Compliance

Gary Hinson on ISO/IEC 27000

Bill Brenner — Mon, 17 Nov 2008 05:00:00 GMT

An IT governance specialist tells security pros about forthcoming updates to the influential ISO/IEC 27000 family of standards. (Part of the What Happens Next security predictions series.)

3 Reasons Why Employees Don't Follow Security Rules

Joan Goodchild — Wed, 29 Oct 2008 04:00:00 GMT

A recent survey finds employees continue to ignore security policies. (Surprise, surprise.) Here's a reminder about what often is missing in organizations that tempts workers to walk the wrong side of security law.

Judge Orders Palin to Preserve Yahoo E-mails

Tue, 14 Oct 2008 04:00:00 GMT

Messages that concern state business from hacked account must be saved, Alaska judge rules.

PCI Application Security: Who's Guarding the Data Bank?

Fri, 10 Oct 2008 04:00:00 GMT

Ben Rothke and David Mundhenk offer compliance strategies for PCI's new application security requirements.

New DOJ Rules on Corporate Prosecution: What Do They Mean For CSOs?

Joan Goodchild — Wed, 01 Oct 2008 04:00:00 GMT

The DOJ has recently revised its guidelines for prosecuting business organizations to assist prosecutors in deciding under what circumstances to bring corporate charges. Will these new changes make life easier for CSOs? Or does it mean even more vigilance when it comes to areas like records protection and retention?

IT Security: Can We Be Compliant and Yet Insecure?

Mon, 22 Sep 2008 04:00:00 GMT

Bill Sieglein on how to go beyond regulatory checklists.

Providence Health CSO on Recovering From HIPAA Violations

Bill Brenner — Mon, 11 Aug 2008 04:00:00 GMT

Eric Cowperthwaite, CSO of Seattle-based Providence Health & Services, opens up about the organization's efforts to bounce back from HIPAA violations.

Telecommuting Poses Security, Privacy Risks

Wed, 30 Jul 2008 04:00:00 GMT

A new study finds that allowing employees to work from home and telecommute poses security and privacy risks that are not being addressed adequately by business or government.

State Breach Disclosure Laws - Update

Joan Goodchild — Tue, 29 Jul 2008 04:00:00 GMT

Five states (and D.C.) have put data breach disclosure laws in the books in recent months. Article includes links to full text of each law.

Former ISACA Head: SAS 70 Changes Coming

Bill Brenner — Fri, 25 Jul 2008 04:00:00 GMT

Marios Damianides, a partner in Ernst & Young's technology and security risk services group and past president of ISACA's board of directors, expects changes for SAS 70 and more collaboration between security and non-security management groups.

Rules of Evidence - Digital Forensics Tools

Mary Brandel — Wed, 04 Jun 2008 04:00:00 GMT

Searching for clues? Here's how to investigate and use digital forensics and e-discovery tools.

Digital Forensics Software: The Usual Suspects

Mary Brandel — Wed, 04 Jun 2008 04:00:00 GMT

The four key players in digital forensics software: Guidance, AccessData, Paraben and Technology Pathways

Threat Watch | Cold Boot: Should New Attack on Encrypted Disks Change the Way Lawmakers Approach Disclosure Legislation 'Safe Harbors'?

Rick Cook — Fri, 04 Apr 2008 04:00:00 GMT

Recent research from Princeton, McGraw Security Services illustrates how the lack of encryption specifications in legislation could put consumer data at risk.

The Complete Guide to Security Breach Disclosure

Sarah D. Scalet — Fri, 29 Feb 2008 05:00:00 GMT

Six-part set of articles takes 360-degree look at the implications of new laws that require organizations to notify people whose personal information has been compromised

How to Make Guests Feel at Home (and Still Comply with PCI and SOX Too)

Katherine Walsh — Fri, 15 Feb 2008 05:00:00 GMT

The head of information security for the company that owns the Grand Ole Opry gives a snapshot of his road to SOX compliance