CSOONLINE.com - PCI and Compliance

WS Meltdown Could Spur Risk Management Spending

Wed, 01 Oct 2008 04:00:00 GMT

Competition and regulation after the crisis will likely increase interest in technology to manage risk.

Vetoed Data Breach Bill Goes to Schwarzenegger Again

Thu, 04 Sep 2008 04:00:00 GMT

An amended version of a closely watched data breach bill that was vetoed by California Gov. Arnold Schwarzenegger last October is once again headed to his desk for approval.

Presented By:

Ads by Pheedo

PCI Council to Merchants: Kiss Your WEP Goodbye

Bill Brenner — Fri, 22 Aug 2008 04:00:00 GMT

Bob Russo and Troy Leach of the PCI Security Standards Council explain why ending WEP is key to bolstering wireless security.

FUD Watch | Vendor Hype Escalates Over PCI Deadline

Bill Brenner — Fri, 27 Jun 2008 04:00:00 GMT

Monday is the day merchants must be in compliance with PCI DSS Requirement 6.6. That means the security vendor PR machine is in overdrive.

Researchers: Notification Laws Not Lowering ID Theft

Robert McMillan — Thu, 05 Jun 2008 04:00:00 GMT

Over the past five years, 43 U.S. states have adopted data breach notification laws, but has all of this legislation actually cut down on identity theft? Not according to researchers at Carnegie Mellon University.

Security Agency Calls For EU Laws on Breach Disclosure

Mon, 02 Jun 2008 04:00:00 GMT

A European Union-wide advisory body this week called for security breach disclosure regulations tougher than those in the U.S. as a step toward raising awareness of the seriousness of security threats.

Cyberattacks a Sarbanes-Oxley Issue?

Thu, 10 Apr 2008 04:00:00 GMT

Kevin Coleman of Technolytics Institute says cyberattack concerns are starting to appear in SEC filings.

Threat Watch | Cold Boot: Should New Attack on Encrypted Disks Change the Way Lawmakers Approach Disclosure Legislation 'Safe Harbors'?

Rick Cook — Fri, 04 Apr 2008 04:00:00 GMT

Recent research from Princeton, McGraw Security Services illustrates how the lack of encryption specifications in legislation could put consumer data at risk.

The Complete Guide to Security Breach Disclosure

Sarah D. Scalet — Fri, 29 Feb 2008 05:00:00 GMT

Six-part set of articles takes 360-degree look at the implications of new laws that require organizations to notify people whose personal information has been compromised

CSO Disclosure Series | User Education: How to Respond to a Data Breach Disclosure

Kathleen Carr — Wed, 20 Feb 2008 05:00:00 GMT

Just find out that your personal information has been compromised? Here’s what to do.

How to Make Guests Feel at Home (and Still Comply with PCI and SOX Too)

Katherine Walsh — Fri, 15 Feb 2008 05:00:00 GMT

The head of information security for the company that owns the Grand Ole Opry gives a snapshot of his road to SOX compliance

CSO Disclosure Series | Data Breach Notification Laws, State By State

Scott Berinato — Tue, 12 Feb 2008 05:00:00 GMT

Five years after California's landmark SB 1386, our interactive map shows you which 38 states have passed laws requiring companies to notify consumers whose personal information has been compromised. Part of an in-depth series about disclosing security breaches.

CSO Disclosure Series | What's Next with Disclosure Legislation?

Scott Berinato — Mon, 11 Feb 2008 05:00:00 GMT

An interview with lawyer and breach notification expert Tanya Forsheit on why the United States still doesn’t have a federal breach notification law. Part of an in-depth series about disclosing breaches

CSO Disclosure Series | The Dos and Don'ts of Disclosure Letters

Scott Berinato — Wed, 06 Feb 2008 05:00:00 GMT

One security breach, two letters, 11 lessons in the art of telling customers you screwed up. Two PR pros deconstruct the messages that Monster.com and USAJOBS were really giving to customers whose personal information had been disclosed. Part of an in-depth series about disclosing breaches.

CSO Disclosure Series | What California's New Medical Disclosure Law Means for the Rest of Us

Katherine Walsh — Mon, 04 Feb 2008 05:00:00 GMT

New state law AB 1298, aimed at reducing instances of medical identity theft, could prompt similar legislation elsewhere, but experts are still unsure whether out-of-state companies with information about Californians must comply