Compliance
Compliance with corporate, government and industry standards and regulations is critical to meet business goals, reduce risk, maintain trust and avoid fines. Get advice on audit planning and management; laws, standards and regulations; and how to comply with GDPR, PCI DSS, HIPAA and more.
Top Stories
-
Tip
25 Jan 2023
Centralized services as a hedge against shadow IT's escalation
Proliferation of cloud, AI and integration tools has increased the deployment security risks of shadow IT and the need to centralize business functions and share support services. Continue Reading
-
Tip
19 Jan 2023
Building a shared services organization structure
Amid the shifting economic climate and new reality of hybrid workforces, there's no better time for companies to consolidate business functions and centralize support services. Continue Reading
-
Tip
23 Aug 2010
PAN truncation and PCI DSS compliance
What do Visa's PAN truncation guidelines mean for merchants and their acquiring banks? Security experts Ed Moyle and Diana Kelley provide analysis. Continue Reading
-
Feature
28 May 2010
FAQ: An introduction to the ISO 31000 risk management standard
Learn more about ISO 31000:2009, a new risk management standard: It's plainly written, short, process-oriented and relevant reading for anyone dealing with risk. Continue Reading
-
News
18 May 2010
Should there be PCI security requirements for bank account data?
Gartner analyst wonders why no PCI-like standard exists for bank account information, which online criminals are targeting. Continue Reading
-
Tip
18 Feb 2010
Applying the ISO 27005 risk management standard
The ISO 27005 risk management methodology standard has weaknesses when it comes to risk measurement. "Fuzzy math" theory can help fill the gaps. Continue Reading
-
Tip
08 Feb 2010
Best practices and requirements for GLBA compliance
GLBA requirements to protect personal information have become more relevant than ever. In this tip, Paul Rohmeyer examines best practices for GLBA compliance. Continue Reading
-
Tip
22 Jan 2010
Lack of incident response plan leaves hole in compliance strategy
Without an incident response plan, businesses can tend to be reactive rather than proactive when data breaches occur. Here are some steps to follow. Continue Reading
-
Tip
09 Sep 2009
Does using ISO 27000 to comply with PCI DSS make for better security?
PCI DSS is under fire for not providing enough security in the process of securing credit card data. Using ISO 27000 to complement PCI may provide better compliance and security. Continue Reading
-
Tip
24 Aug 2009
PCI DSS compliance requires new vendor management strategy
Requirement 12.8 requires a better vendor management strategy for PCI DSS compliance. Continue Reading
-
Podcast
17 Jun 2009
Business model risk is a key part of your risk management strategy
Management consultants Amit Sen and John Vaughan discuss business model risk, a way to apply risk management policies to new or changed business processes. Continue Reading
-
Tip
15 Jun 2009
How to mitigate operational, compliance risk of outsourcing services
Companies must have an approach to evaluating partner risk, the level of risk of both the service and the provider, and the adequacy of the security practices of the provider. Continue Reading
-
Blog Post
19 Mar 2009
How do you align an IT risk assessment with COBIT controls?
[One of our readers, compliance officer Ramon de Bruijn, wrote to the editors of SearchCompliance.com at [email protected] last month looking for some advice. Specifically, he asked "What ... Continue Reading
-
Answer
11 Mar 2009
How to avoid HIPAA Social Security number compliance violations
It can be difficult to decipher what a HIPAA Social Security number violation is. In this information security management expert response, David Mortman explains how to avoid HIPAA SSN violations as an employer. Continue Reading
-
Tip
05 Feb 2009
What controls can compensate when segregation of duties isn't economically feasible?
Having a strong log management capability is a good way to start when security segregation isn't possible. Mike Rothman explains. Continue Reading
-
Tip
02 Dec 2008
PCI DSS 3.1 requirement best practices
Requirement 3.1 of the PCI Data Security Standard requires minimum cardholder data storage. In this tip, learn how to determine how much data your organization should store. Continue Reading
-
Answer
09 Jul 2008
Is the Orange Book still relevant for assessing security controls?
Is the Orange Book still the be-all and end-all for assessing security controls in the enterprise? Security management expert Mike Rothman explains what happened to the Orange Book, and the Common Criteria for Information Technology Security Evaluation that replaced it. Continue Reading
-
Answer
10 Mar 2008
Does SOX provision email archiving?
Although SOX may lack specificity regarding certain controls, it does have clear mandates for email retention. Continue Reading
-
Tip
16 Jan 2008
PCI compliance after the TJX data breach
The massive TJX data breach reinforced the need for stricter controls when handling credit card information. In this tip, Joel Dubin reexamines the need for the PCI Data Security Standard and advises how to ease the PCI compliance burden. Continue Reading
-
Quiz
16 Nov 2007
Quiz: PCI DSS compliance -- Two years later
A five-question multiple-choice quiz to test your understanding of the content presented by expert Diana Kelley in this lesson of SearchSecurity.com's Compliance School. Continue Reading
-
Feature
01 Mar 2003
IT security auditing: Best practices for conducting audits
Even if you hate security audits, it's in your best interest to make sure they're done right. Continue Reading