Security audit, compliance and standards

Get tips from the experts on security audits, compliance and standards. Advice is offered on data privacy and theft, audit planning and management, how to work with auditors, and compliance with standards, regulations and guidelines such as PCI DSS, GLBA, HIPPA, SOX, FISMA, ISO 17799 and COBIT.

June 26, 2020 26 Jun'20
COVID-19 tech will fail without employee privacy

Businesses can choose from a growing number of mobile apps and Wi-Fi software to protect workers from COVID-19. But tech won't succeed without top-of-the-line privacy protection.
May 30, 2012 30 May'12
Cloud study debunks Patriot Act assumptions

Law firm study of 10 countries finds that all allow government to access cloud data
March 05, 2012 05 Mar'12
Experts demystify the complexity of PCI compliance in the contact center

In the second part of a two-part podcast, Diana Kelley and Lori Bocklund discuss staffing, process and new technology concerns for PCI DSS compliance in the contact center.
March 02, 2012 02 Mar'12
Debating PCI DSS compliance in the contact center and the ‘police state’: Two perspectives

A contact center and a PCI security expert discuss PCI DSS’s stringent physical facility requirements and how contact centers can prepare for them in a two-part podcast.

Learn to apply best practices and optimize your operations.

Five things to do before your first PCI DSS compliance audit

Put these steps in motion before your organization's first PCI DSS compliance audit. Continue Reading
PCI DSS: Writing an information security policy

The final set of PCI requirements relates to maintaining a security policy, and also addresses awareness training, personnel screening and managing service provider relationships. Continue Reading
Don't forget the cleaning crew in your vendor management program

Banks often overlook non-IT vendors in their vendor management program, putting their organization and customers' data at risk, experts say Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

PCI DSS requirement: Monitoring and testing security

The fifth focus area of PCI-DSS requires regular monitoring of systems and activity, as well regular testing of controls. Continue Reading
PCI DSS requirements include strong access control procedures

The fourth focus of PCI DSS requirements governs how organizations enable and restrict access to cardholder data and limit physical access to cardholder data. Continue Reading
By addressing data privacy, companies avoid public scrutiny

Some organizations may believe data privacy laws don't affect them, but those groups may be deluding themselves. Authors Craig Norris and Tom Cadle explain why, and offer a comprehensive overview of the responsibilities that come with handling ... Continue Reading