http://www.compliancehome.com/ ComplianceHome is one of the Web's largest library of resources for compliance management of HIPAA, SOX, FISMA, GLBA, FDA, COOP & COG, FFIEC, Basel II, OSHA and ISO 27002/17799. Visit our directories which are the best source on White papers, related news articles, resources on the web, training, webinars, conferences, rules & regulation overview, ask the expert, job and search on vendors, solutions & products. http://www.compliancehome.com/images/rsslogo.gif http://www.compliancehome.com/ en-us Thu, 01 May 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12707.html Integrated Bank Technology (IBT), a company that specializes in engineering robust software applications and provides 24/7 support services to community financial institutions, announced that it has formed a partnership with Plainfield, Ill.-based Recovery Solutions, a comprehensive disaster recovery service provider. With its current real time replication model integrated within the software, IBT has raised the bar on disaster recovery capabilities keeping costly service disruptions to a minimum for its customers. IBTs new partnership with Recovery Solutions will complement those efforts and add business continuity planning to its innovative solutions package. The Federal Financial Institutions Examinations Council (FFIEC), a federal interagency regulatory organization that creates and enforces principles and standards for the federal examination of financial institutions, recently made revisions to its business continuity planning criteria in hopes to reduce negative effects on fina http://www.compliancehome.com/news/FFIEC/12707.html Thu, 01 May 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12706.html Verizon Business announced several enhancements to its Partner Security Program (PSP), which helps customers address the increased security risks associated with opening up corporate networks to partners, vendors, customers and other business units. The enhancements consist of additional support for the Payment Card Industry Data Security Standard (PCI DSS), customized reporting capabilities across multiple security standards and regulations, as well as the ability to better manage supporting documentation. The enhanced program provides an extended enterprise - a business and all its locations, customers, suppliers, partners and employees - with a comprehensive view of its partners information security activities and a Web-based platform for automated compliance management and reporting. http://www.compliancehome.com/news/FFIEC/12706.html Wed, 23 Apr 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12667.html Grupo Gesfor and Ounce Labs announced a global alliance partnership to provide Ounce Lab's application security solutions throughout Spain and Latin America. Grupo Gesfor will provide marketing, sales, and implementation support to companies in these regions interested in Ounce Labs' leading source code analysis solution that addresses the increasing risks insecure software poses to their brands and ongoing operations. Grupo Gesfor has a proven track in working with best of breed IT security solutions and implementing software security tools. Grupo Gesfor will work with Ounce Labs to expand its presence in Latin America and Spain by working closely with the company and its subsidiaries in countries including Argentina, Brazil, Chile, Colombia, Panama, Peru, Mexico and Venezuela to manage their customer's application risk by identifying and remediating security issues caused by software security vulnerabilities. http://www.compliancehome.com/news/FFIEC/12667.html Tue, 22 Apr 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12665.html Safend, provider of endpoint Data Leakage Prevention (DLP) solutions, announced the release of Safend Reporter, a data analysis tool that reports on data accessed by removable storage devices and wireless ports, providing extensive security and operational reporting that enables data security and regulatory compliance. Safend Reporter is offered as an add-on module to Safend Protector and provides a graphical, high-level view of the organization's status, allowing administrators to quickly and easily detect irregular or suspicious behavior. The reports present data in a clear and easy-to-understand dashboard format that can benefit all viewers, including non-technical personnel and executives. Through drill-down capabilities, Safend Reporter also delivers detailed reports to data security personnel within the organization. The security reporting tool enables easy detection of specific employees and departments that frequently disregard internal security policies, while the administrati http://www.compliancehome.com/news/FFIEC/12665.html Tue, 22 Apr 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12659.html AlterPoint announced the release of advanced network security and compliance capabilities for NetworkAuthority, its flagship open network management solution, which will help customers automatically discover, prioritise and remediate network vulnerabilities and compliance policy violations as they occur. As a result, enterprises will be able to reduce the time, cost and level of expertise required to keep complex, multi-vendor networks audit-ready and secure against constantly evolving threats. As the complexity of managing network security continues to increase, our customers are looking for a more efficient and cost-effective alternative to manual management processes, said Roddy MacLennan, sales director at Devoteam UK. We recommend adoption of an automated management solution that enforces security and compliance policies and eliminates the need to manage configurations at the device level. http://www.compliancehome.com/news/FFIEC/12659.html Tue, 22 Apr 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12658.html Qualys announced QualysGuard 6.0, an upgrade to its flagship solution for vulnerability and compliance management. QualysGuard 6.0 enables security managers, as well as key organisation executives, including business line managers, members of the board and auditors, to get an on demand view of IT security and compliance within the enterprise. QualysGuard 6.0 offers new metrics reporting supported by scorecards and secure, collaborative report distribution workflows which help operations and IT staff to be efficient and communicate effectively with auditors and executive management. QualysGuard 6.0 is an integral component of the QualysGuard Security and Compliance Suite also being demonstrated at the Infosecurity Europe tradeshow for the first time in Europe. The QualysGuard Software-as-a-Service (SaaS) suite helps organisations worldwide manage the ongoing convergence of security and policy compliance efforts. http://www.compliancehome.com/news/FFIEC/12658.html Mon, 21 Apr 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12655.html Global DataGuard, provider of Enterprise Unified Threat Management for small and medium business to large enterprise environments, today announced that it is offering a full suite of enterprise-class products and services to assist healthcare organizations in successfully implementing Security Standards outlined by the Health Insurance Portability and Accountability Act (HIPAA). Utilizing a fully integrated portfolio of Enterprise UTM products and world-class managed and professional services, Global DataGuards HIPAA compliance solution provides for risk-based network assessment, auditing and planning for administrative, physical and technical safeguards, and includes a comprehensive behavioral-based network security architecture to help organizations efficiently and cost-effectively protect confidential healthcare data and electronic healthcare transactions. http://www.compliancehome.com/news/FFIEC/12655.html Tue, 15 Apr 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12624.html Orchestria has announced that its Intelligent Compliance Suite has been deployed for full-service brokerage and investment banking firm Scott & Stringfellow, a subsidiary of BB&T Corporation. Orchestria's policy-based Intelligent Compliance software is employed to analyze all electronic communication channels in support of SEC, FINRA, and company governance priorities. Scott & Stringfellow has also chosen to implement Orchestria's desktop and server agents throughout its organization. http://www.compliancehome.com/news/FFIEC/12624.html Mon, 14 Apr 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12613.html Research and Markets has announced the addition of EthicsPoint: Transforming Compliance into Business Process ROI to their offering. Portland, Oregon-based SaaS service provider EthicsPoint focuses on turning ethical and compliance issues into business practices that reach beyond HR and corporate attorneys offices to support actions and provide benefits throughout the organization. Founded in 1999, EthicsPoint focuses on highly regulated industries such as banking and financial, mining, health care, pharmaceuticals, retail, manufacturing, and transportation. http://www.compliancehome.com/news/FFIEC/12613.html Mon, 14 Apr 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12612.html E-xact Transactions, provider of advanced payment gateway solutions has once again achieved full compliance with the Payment Card Industry (PCI) Data Security Standard (DSS).Being PCI compliant assures that E-xact can offer payment solutions for merchants to manage their transactions online with our Realtime Payment Manager application, RPM. PCI DSS was developed globally to ensure merchants and service providers adopt best practices to enhance their payment account security. For more information about the PCI DSS visit www.pcisecuritystandards.org. http://www.compliancehome.com/news/FFIEC/12612.html Mon, 14 Apr 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12606.html Achieving compliance with the Payment Card Industry Data Security Standard ('PCI DSS') is a priority issue for all merchants accepting credit and debit cards. To help project managers, executives and security officers tasked with delivering compliance, IT Governance has launched 'PCI DSS: A Practical Guide to Implementation', which offers focused advice on how to build and maintain a sustainable PCI DSS compliance programme. The PCI DSS must be met by all merchants that accept credit and debit cards issued by the major credit card companies. It is a contractual obligation applied and enforced directly by the payment providers, and a failure by a merchant to comply can result in fines, restrictions and significant brand damage. http://www.compliancehome.com/news/FFIEC/12606.html Thu, 10 Apr 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12589.html The Payment Card Industry Security Vendor Alliance (PCI SVA) announced the launch of the PCI Knowledge Base, a research program designed to help merchants, assessors, banks, processors and vendors anonymously share PCI knowledge and experience. According to Visa, the percentage of large merchants that met PCI Data Security Standard (PCI DSS) compliance more than doubled over the last eight months. This spike in compliant companies prompted the PCI SVA, a member organization that offers institutions and card processors products and services to achieve PCI DSS compliance, to create the PCI Knowledge Base. http://www.compliancehome.com/news/FFIEC/12589.html Tue, 08 Apr 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12567.html Tizor Systems, provider of enterprise database auditing and protection solutions for the data center, today announced a technology alliance with ArcSight, a leading global provider of compliance and security management solutions. This partnership was formed to address a major need for integrated solutions that provide a comprehensive, enterprise-class approach to data security. The partnership, which will be promoted through ArcSight's EnterpriseView Partner Program, will help customers safeguard critical data assets, control data risk and meet a wide range of compliance requirements. The integration between Tizor Mantra and ArcSight ESM will allow for correlation, analysis, viewing and response to all incidents across the enterprise -- providing enterprises with a single, unified view into security and compliance incidents. http://www.compliancehome.com/news/FFIEC/12567.html Tue, 08 Apr 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12566.html McAfee announced the formation of a new business unit focused on IT governance, risk and compliance. The new Risk and Compliance Business Unit will focus on driving innovation and extending McAfee's lead in security risk management. Led by George Kurtz, senior vice president and general manager at McAfee, the business unit will accelerate McAfee's leadership position in the rapidly growing governance, risk and compliance market. Government regulations and corporate policies demand that businesses prove their ability to comply with IT security policies designed to minimize risk. The Risk and Compliance Business Unit will provide McAfee with a greater focus on aggressively enhancing, integrating and adding content to its current risk and compliance offerings. The company will also concentrate efforts to include tighter cross-product integration with other McAfee products. http://www.compliancehome.com/news/FFIEC/12566.html Tue, 08 Apr 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12558.html dentity Engines and Novacoast, announced that Identity Engines' Ignition Server has successfully passed Novacoast's stringent security evaluation bench test and will be resold by Novacoast. The partnership leverages both companies' deep expertise in Novell identity and security management solutions as well as rapid deployment of role-based network access solutions for education and health care. Identity Engines' Ignition platform quickly neutralizes network vulnerabilities by locking down open Ethernet ports in offices and conference rooms, wireless access points in public areas and remote access connections. Organizations that utilize Novell identity and security management solutions can ensure auditable, differentiated network access for students, employees, patients, visitors and contractors while enforcing compliance with regulatory standards including PCI, HIPAA, JCAHO, FERPA, DMCA and CALEA. Identity Engines' out-of-box integration with LDAP-based identity stores, including Novel http://www.compliancehome.com/news/FFIEC/12558.html Mon, 07 Apr 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12554.html Finjan has released version 9.0 of its Vital Security Web appliances utilizing patented real-time content inspection technologies. Finjans award-winning appliances prevent Crimeware and malicious Web 2.0 content from infiltrating corporate networks and stealing business data. By inspecting inbound and outbound web traffic, malicious content is prevented in real time, also when hiding in SSL traffic. Vital Security version 9.0 introduces a new active real-time inspection technology from Finjan research lab. With this new version, organizations are equipped with an integrated dashboard that provides real-time information on the systems performance and security risk level. It uses an extensive set of graphs and views for quick and accurate insight. Security policies are managed quickly and easily with Finjans easy to use security policy decision-making system which includes a single-click rules refinement. http://www.compliancehome.com/news/FFIEC/12554.html Mon, 07 Apr 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12553.html WinMagic announced that SecureDoc data protection software now supports UPEK fingerprint authentication. The companies' integrated solution is being demonstrated - for the first time - at the RSA Conference 2008. Enterprise businesses and government organizations face significant risks and penalties when laptops or portable storage media, containing valuable data assets or personal identifiable information (PII), go missing. SecureDoc's comprehensive end point data protection suite safeguards proprietary information and PII stored on mobile computers and portable media. With added support for UPEK fingerprint authentication, SecureDoc raises the stakes for both security and end user convenience, while reducing IT support costs. http://www.compliancehome.com/news/FFIEC/12553.html Mon, 07 Apr 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12552.html ArcSight announced the availability of a new PCI (Payment Card Industry) Knowledge Base and the findings of a recently fielded PCI research report. The PCI Knowledge Base and research program were launched by the PCI Security Vendor Alliance. The Knowledge Base program allows merchants, assessors, bankers, card processors, security vendors and PCI consultants to anonymously share information online on how to become PCI compliant. The findings of the current research report highlight the trends and statistics that have emerged as companies have gone through the process of becoming PCI compliant. ArcSight supported the collection of the data and is a platinum member of the PCI Security Vendor Alliance. The PCI Knowledge Base contains more than 1,200 separate anonymous comments from merchants, assessors, bankers, card processors, security vendors and PCI consultants, as well as advice from a panel of approximately 30 experts. Visitors to the research program's web site can glean findings http://www.compliancehome.com/news/FFIEC/12552.html Thu, 03 Apr 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12527.html Configuresoft, announced that Convergys has selected Configuresoft's Enterprise Configuration Manager (ECM) to help manage and maintain compliance with multiple regulatory and industry standards including PCI DSS (Payment Card Industry Data Security Standard). Convergys is a global leader in relationship management with more than half of the Fortune 50 companies as its clients. Convergys selected ECM for its scalability, performance, rapid and granular data collection of IT assets, industry leading compliance content and templates, and enterprise remediation capabilities. http://www.compliancehome.com/news/FFIEC/12527.html Wed, 02 Apr 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12521.html izor Systems, provider of enterprise database auditing and protection solutions, announced Mantra version 5.9 with advanced features for usability, scalability and compliance coverage. New features include automated policy creation for faster time to deployment; advanced analytics for mitigating data risk in real-time; and an enhanced user interface for the most intuitive, easy to use solution for business, compliance and technical users. Mantra 5.9 installs and deploys faster than other solutions and policies are easier to generate and maintain, contributing to a lower total cost of ownership. With Mantras compliance templates and Policy Wizard, companies can rapidly address database security, internal data governance and a wide range of external compliance requirements and industry standards such as SOX, GLBA, FFIEC and PCI. http://www.compliancehome.com/news/FFIEC/12521.html Tue, 01 Apr 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12517.html Symark International, developer of the PowerSeries information security solutions for managing privileged account access, announced the general availability of PowerADvantage, a new integrated authentication and configuration solution that extends Active Directory's centralized authentication, authorization, account access, policy enforcement and infrastructure management functionality to UNIX and Linux systems. PowerADvantage reduces administration costs, improves security and supports compliance efforts by allowing organizations to centrally manage disparate UNIX/Linux user identifications, authentication, security policies and automatic deployment of configuration settings through Microsoft Active Directory, creating a unified, single login environment. http://www.compliancehome.com/news/FFIEC/12517.html Tue, 01 Apr 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12516.html Peak 10, an independent data center operator and managed services provider has added Secure Harbor Data Vaulting to its growing and diverse customer portfolio. Secure Harbor, a provider of data protection software, will receive world-class data center services out of Peak 10s state-of-the-art Atlanta facility. Our clients expect a high level of support and security for their mission critical data, said Marc Gray, chief executive officer of Secure Harbor Data Vaulting. We partnered with Peak 10 so that our customers applications are well protected and available around the clock. Peak 10s impeccable support and services have enhanced our business model and added depth to our technology offerings. http://www.compliancehome.com/news/FFIEC/12516.html Wed, 26 Mar 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12488.html Recent breaches around the world, amounting to billions of dollars, has shaken the worlds business community into closely scrutinizing their back-office security controls. Companies such as Cyber-Ark Software are seeing an unprecedented demand from corporations globally looking for solutions that will securely manage their privileged identities. Cyber-Ark Software released a breakthrough approach to securing application-to-application credentials which has been timely in light of predictions that both Jerome Kerviel at Socit Gnrale and the anonymous informant who gave out customers details at the Liechtenstein Bank, part of the LGT Group to both the German and UK Tax Authorities, were able to do so due to the lack of security controls over privileged users. Enterprise Password Vault (EPV) 4.5 addresses the full range of security and audit challenges surrounding application identities within applications, scripts and application servers. http://www.compliancehome.com/news/FFIEC/12488.html Tue, 25 Mar 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12483.html Columbitech, the worlds most deployed mobile VPN provider, today announced its Management Server, a centralized reporting tool which automates audit requirements for businesses which are under pressure to meet compliance regulations, such as PCI, HIPAA and Sarbanes-Oxley. This allows businesses to effortlessly maintain compliance without sacrificing security by automating processes that would otherwise be labor-intensive to maintain manually saving significant time and money. The Columbitech Management Server administers individual VPN servers at each business location through a secure link and provides management with the information necessary for audits, such as detailed log files and audit trail histories. The system collects data from distributed business locations and manages it from one location. With one click, management can pull data at any given time. For example, they can run detailed reports showing session activity that took place in every business location and change o http://www.compliancehome.com/news/FFIEC/12483.html Mon, 24 Mar 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12470.html Coviant Software, supplier of file transfer management software, improves access management for better security and more complete compliance with regulatory mandates. Access management is a critical component of a secure, compliant file transfer process, which includes correct identification of users and processes, granting appropriate access permission, and capture of access data for tracking and reporting. A recent Forrester survey identified encryption and access control as the top two challenges for PCI compliance. The newest release of Diplomat Transaction Manager provides access control that integrates with pre-existing user authentication systems and captures detailed information on all user activities. http://www.compliancehome.com/news/FFIEC/12470.html Thu, 20 Mar 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12458.html LogLogic announced new straightforward appliances architected and priced specifically for the enterprise mid-market (annual revenues between $400 million and $1 billion). Without compromising the features and functionality that have made LogLogic the log management leader among the Fortune 500, these new log management appliances provide comprehensive log data compliance mandate assurance while making it easy for mid-market systems administrators to install, configure, operate and maintain them. Compliance mandates - including the Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley (SOX) - now require companies to track, manage, and report on their log data in order to comply with regulations and promote internal security and availability. http://www.compliancehome.com/news/FFIEC/12458.html Wed, 19 Mar 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12451.html Network Frontiers has released Q1 2008 Unified Compliance Framework (UCF), the first independent database to simplify IT compliance. This latest version of the UCF harmonizes cross platform configuration management controls into a single set of harmonized controls, furthering UCF as the standard approach to integrated compliance. UCF acts as the cornerstone of IT compliance, mapping hundreds of regulations, including PCI-DSS (Payment Card), Sarbanes-Oxley, HIPAA, CobiT, and NIST, into a master hierarchal framework. Our approach is unique: only the UCF harmonizes IT controls from over 400 international regulatory requirements, standards, and guidelines from both technical and legal perspectives, stated Dorian Cougias, CTO of Network Frontiers. Rather than testing and asserting compliance for each individual regulation, IT organizations use the UCF to save an incredible amount of time and money by distilling compliance requirements to their essence and asserting compliance across multipl http://www.compliancehome.com/news/FFIEC/12451.html Wed, 19 Mar 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12449.html LogLogic has announced new straightforward appliances architected and priced specifically for the enterprise mid-market (annual revenues between $400 million and $1 billion). Without compromising the features and functionality that have made LogLogic the log management leader among the Fortune 500, these new log management appliances provide comprehensive log data compliance mandate assurance while making it easy for mid-market systems administrators to install, configure, operate and maintain them. Compliance mandates - including the Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley (SOX) - now require companies to track, manage, and report on their log data in order to comply with regulations and promote internal security and availability. http://www.compliancehome.com/news/FFIEC/12449.html Wed, 19 Mar 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12448.html P2 Security has launched maXecurity, an appliance-based solution that offers a new and fundamentally different approach to Web Access Management (WAM). maXecurity slashes initial and recurring costs, making effective and secure Web Access Management practical for organizations of all sizes. maXecuritys innovative new architecture boosts scalability, while reducing software and hardware requirements. It streamlines the compliance reporting and auditing processes and opens the door to a range of new WAM applications and markets. maXecurity provides significant time saving improvements through an intuitive self-service interface, self-contained hardware and faster on-boarding for a more flexible and cost effective system. http://www.compliancehome.com/news/FFIEC/12448.html Tue, 18 Mar 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12436.html Altor Networks, pioneering a new class of virtual network security solutions, today announced the launch of the industrys first virtual switch traffic analyzer and Virtual Network Firewall. Each system supports multi-vendor virtual platforms and is purpose-built to make virtualized data centers more secure than their physical counterparts. Altors Virtual Network Security Analyzer (VNSA) and Virtual Network Firewall (VNF) provide unprecedented visibility into virtual switch traffic and control over virtual machines (VMs) being deployed by enterprises, government agencies and organizations in regulated industries. Altors VNSA and VNF solutions enable network administrators and security professionals to apply security best practices for virtual networks and help companies meet increasingly stringent HIPAA, PCI and SOX regulatory compliance requirements at a fraction of the cost of legacy security products. http://www.compliancehome.com/news/FFIEC/12436.html Mon, 17 Mar 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12433.html Lancope, the provider of the StealthWatch System, the most widely used Network Behavior Analysis (NBA) and response solution, announced that BlueCross BlueShield of Tennessee is using StealthWatch to strengthen information security and improve overall network management. BlueCross BlueShield of Tennessee relies on the StealthWatch System to monitor its entire network for potential security threats. In addition, StealthWatch helps the health plan provider diagnose latency and availability issues on its network. StealthWatch also aids regulatory compliance efforts for BlueCross BlueShield of Tennessee by providing detailed insight into network behavior and user activity. http://www.compliancehome.com/news/FFIEC/12433.html Mon, 17 Mar 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12431.html Merchant Warehouse, the preferred provider of merchant accounts and credit card equipment for small- and mid-sized businesses,announced a program that provides merchant education strategies for those independent merchants seeking reliable direction in addressing the payment card industry data security standard (PCI DSS). Henry Helgeson, President and Co-CEO, is available to provide commentary and guidance around how small businesses, also known as Level 4 merchants, can better identify the benefits, objectives, requirements, timelines, audit procedures, and appropriate equipment needed to confidently comply with the PCI standard. This standard was created by the five major credit card companies as a guideline to help merchants implement the necessary equipment and procedures that guard sensitive credit card and personal information. http://www.compliancehome.com/news/FFIEC/12431.html Wed, 12 Mar 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12412.html Idera, provider of management and administration solutions for Microsoft SQL Server databases, announced version 2.0 of SQLsecure, an advanced SQL Server security auditing solution that identifies and analyzes database security risks. SQLsecure 2.0 extends its comprehensive set of analyses to include Windows operating system components and adds built-in policies to measure compliance against data security regulations such as Sarbanes-Oxley, PCI DSS, GLBA, HIPPA, BASEL II and The Patriot Act. As many companies are discovering, their biggest data security threat is not external hackers, but internal users. According to the 2007 CSI Computer Crime and Security Survey, 65% of companies who experienced a security incident reported losses due to insider activity. With the complex interaction of security settings and user access controls within SQL Server databases, the Windows operating system, file systems, and more, properly configuring and managing SQL Server security can be a daunting ta http://www.compliancehome.com/news/FFIEC/12412.html Wed, 12 Mar 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12411.html Tripwire Enterprise is helping S1 Corporation, provider of customer interaction software for financial and payment services, comply with operational, security and regulatory requirements in its global data center. S1 chose Tripwire for its ability to monitor operational compliance across its corporate IT infrastructure, as well as help its Postilion division address specific PCI requirements. S1 solutions are trusted worldwide by thousands of banks, credit unions, retailers, and transaction processors, said Steve Freeman, Global Security Operations for S1. As a result, our systems need to effortlessly support industry regulations, such as PCI, while maintaining the highest levels of reliability and predictability. With Tripwire Enterprise, our systems are monitored for these strict requirements, helping us in turn meet and exceed the service demands of our customers. http://www.compliancehome.com/news/FFIEC/12411.html Tue, 11 Mar 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12406.html Idera, provider of management and administration solutions for Microsoft SQL Server databases, released version 2.0 of SQLsecure, an advanced SQL Server security auditing solution that identifies and analyzes database security risks. SQLsecure 2.0 extends its comprehensive set of analyses to include Windows operating system components and adds built-in policies to measure compliance against data security regulations such as Sarbanes-Oxley, PCI DSS, GLBA, HIPPA, BASEL II and The Patriot Act. As many companies are discovering, their biggest data security threat is not external hackers, but internal users. According to the 2007 CSI Computer Crime and Security Survey, 65% of companies who experienced a security incident reported losses due to insider activity. With the complex interaction of security settings and user access controls within SQL Server databases, the Windows operating system, file systems, and more, properly configuring and managing SQL Server security can be a daunting tas http://www.compliancehome.com/news/FFIEC/12406.html Tue, 11 Mar 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12403.html Fortisphere, a provider of enterprise virtual machine lifecycle management software, today announced that it has joined the Payment Card Industry (PCI) Security Vendor Alliance (www.pcialliance.org) to address virtualization security and compliance concerns in the payment card industry. The Alliance provides products and services for members of the industry that must comply with PCI Data Security Standards (DSS). Fortisphere will also present at the PCI Security Vendor Alliances March 18 webinar, Virtually Compliant How Server Virtualization Impacts Data Security and PCI Compliance. Security veteran and Fortispheres new Director of Product Management Chris Farrow, will join a panel of security experts from Citrix Systems and Reflex Security at the event. Farrow has more than 18 years of systems engineering and IT security experience and has advised numerous Fortune 1000 companies on virtualization management and security best practices. http://www.compliancehome.com/news/FFIEC/12403.html Tue, 11 Mar 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12401.html Kaplan Financial Compliance, a provider of services and technology solutions for the insurance and securities industries to help manage the producer/representative on-boarding process and career cycle, has introduced an innovative Just in Time appointment processing capability in its CMS G2(TM) compliance solution. The new automated feature is designed to cut down on unnecessary state appointment processing fees paid by carriers. http://www.compliancehome.com/news/FFIEC/12401.html Mon, 10 Mar 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12395.html ARPU, rapidly growing startup in the online advertising space, has selected and implemented Tripwire Enterprise, the leading configuration audit and control solution. ARPU chose Tripwire Enterprise to help it maintain continuous compliance across multiple regulatory standards, including the Payment Card Industry Data Security Standard (DSS). ARPU was particularly drawn to Tripwire Enterprise for the ease and speed with which it could be implemented out-of-the-box. Tripwire automatically detects unauthorized, non-compliant change to enterprise-wide systems and virtual environments and immediately alerts IT staff so that exceptions to its change and release management policies can be immediately updated and investigated. This approach enables ARPU to better manage risk by providing continuous, automated compliance across its environment. http://www.compliancehome.com/news/FFIEC/12395.html Fri, 07 Mar 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12390.html Cloakware, the security solutions provider that makes security inseparable from software, announced Nautilus, Inc. has successfully deployed Cloakware Server Password Manager (CSPM) to achieve compliance with PCI Digital Security Standards (PCI DSS) and audit reporting requirements. CSPM, the industrys first commercial Shared Account/Service Account Password Management (SAPM) tool, allows enterprises to bolster the protection of critical data, complete identity management strategies and manage commercial and government compliance programs, such as PCI DSS and Sarbanes-Oxley. Nautilus, promotes its popular exercise equipment through a variety of sales channels including direct marketing, retail, commercial, Internet, catalog and international distributors. Because the companys sales are predominately direct to consumer, the company faces a mandate to meet new and evolving security and compliance standards including PCI and government regulations such as Sarbanes-Oxley. Nautilus turned http://www.compliancehome.com/news/FFIEC/12390.html Fri, 07 Mar 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12388.html TerraNua, provider of risk and compliance solutions to the U.S. wealth management market, announced that Artha Capital Management, a Stamford, CT-based alternative investment firm, has signed a contract to utilize the firm's proprietary software solution, MyComplianceOffice for its compliance reporting needs. A strong culture of compliance and established procedures are more prominent and critical for hedge funds in today's regulatory environment, said Adam Jaffe, chief compliance officer of Artha Capital Management. MyComplianceOffice provides us with a comprehensive, flexible, automated solution that will allow us to effectively monitor and, more importantly, document our compliance activities so that we can avoid any potential hazards. Having the MyCompliance Dashboard is an invaluable tool that allows me to visualize the company's adherence to its compliance mandates. http://www.compliancehome.com/news/FFIEC/12388.html Fri, 07 Mar 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12387.html DSS Corporation, launched a new Email Archiving Basics thought leadership website. The website (www.emailarchivingbasics.com) is designed for IT Staff and Management Teams who need a Full Cycle Email Archiving Solution to protect their businesses. The site covers a broad range of requirements that an effective email archiving platform must have to obtain the 7 objectives of: Compliance, E-Discovery, Storage Optimization, Email Business Value, Email Search Productivity, Knowledge Management and Quality Management. http://www.compliancehome.com/news/FFIEC/12387.html Tue, 04 Mar 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12368.html Crutchfield, an online retailer of consumer electronics, has selected and implemented Tripwire's conguration audit and control solution. Crutchfield chose Tripwire Enterprise to help it maintain continuous compliance across multiple regulatory standards, reducing the time and cost associated with audits, and to help it attract new business. Crutchfield chose Tripwire to ensure it will be able to achieve and maintain a known and trusted state across its infrastructure. Tripwire automatically detects unauthorized, non-compliant change to enterprise-wide systems and virtual environments and immediately alerts IT staff so that exceptions to its change and release management policies can be immediately updated and investigated. This approach enables Crutchfield to better manage risk by providing continuous, automated compliance across its environment. Retailers, including Crutchfield, must comply with multiple regulatory standards, including the Payment Card Industry Data Security Standard http://www.compliancehome.com/news/FFIEC/12368.html Tue, 04 Mar 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12367.html Secure Computing Corporation announced the availability of SecurityReporter, a new security event management (SEM) reporting solution for both Sidewinder and SnapGear appliances. SecurityReporter software delivers central monitoring, correlated alerting and reporting of Sidewinder and SnapGear audit streams to identify real security threats from meaningless noise. It provides immediate action points to keep the enterprise or small- to mid-size business safer, and the graphically rich tool strengthens overall security, provides evidence of regulatory compliance, and proves the effectiveness and value of IT's security investment to management. Today, IT administrators face a challenge of getting actionable information from the vast audit and log data associated with the many layers of security systems now required to keep corporate assets safe. As hacker and malware threats increase exponentially, they become more complicated to manage. And, with increasing regulatory compliance obligati http://www.compliancehome.com/news/FFIEC/12367.html Mon, 03 Mar 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12359.html Modulo, provider of IT GRC solutions will introduce MetaFramework, a multi-regulatory compliance solution for meeting mandates and guidelines such as SOX, PCI, FISMA, ISO 27002 (17799), ISO 27001, HIPAA, NERC CIP, COBIT, DIACAP, A130 and FISAP at the Gartner Compliance and Risk Management Summit 2008. The new part of Modulo Risk Manager features -- considered one of the world's top IT GRCM solutions according to Gartner's IT governance, risk and compliance management (GRCM) research divulged last month -- allows the user to produce a rating and set of reports for any of the contained standards. http://www.compliancehome.com/news/FFIEC/12359.html Thu, 28 Feb 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12342.html The preliminary findings of a recent survey found that although cutting operating costs and increasing security of data remain a top priority when selecting a remote access software solution, companies feel a need to more fully integrate their remote support technology into their management systems. A new webcast discusses the features and functionalities IT executives and managers are now looking for, the costs, and internal and external security risks and concerns. Included with the webcast is an assessment tool, compliments of Bomgar, to evaluate ROI for each remote access software solution a company may have under consideration. When companies merge remote support with systems management, security of company data becomes an even greater concern, especially when using the SaaS model, where confidential company data is routed through a third party. According to the Outsourcing Technology Services Security Bulletin from the Federal Financial Institutions Examination Council (FFIEC), w http://www.compliancehome.com/news/FFIEC/12342.html Tue, 26 Feb 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12331.html SenSage, Inc., the leader in Event Data Warehousing solutions, today announced that it has joined the Payment Card Industry Security Vendor Alliance (PCI SVA). The PCI standard requires the collection, retention and analysis of massive amounts of log data. SenSage's Event Data Warehouse (EDW) solution provides functionality for Security Information and Event Management (SIEM), including out-of-box correlation alerts, log analysis, and trending information required to address the growing challenges of protecting consumer credit card data. http://www.compliancehome.com/news/FFIEC/12331.html Fri, 22 Feb 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12308.html Carnival Cruise Lines announced its selection of Tripwire, the industry leader in configuration assessment and auditing solutions, to leverage Tripwire Enterprise as part of the company's continuing efforts in achieving and maintaining a known, trusted and compliant state -- ensuring Carnival's IT systems continue to be secure, consistently available and compliant with regulatory standards. Tripwire Enterprise will help Carnival to streamline its already comprehensive auditing processes as part of the company's ongoing commitment to ensure its guests' credit card data remains secure. Tripwire's technology automatically detects unauthorized, non-compliant change to enterprise-wide systems and virtual environments and, in the event an unexpected change is encountered, immediately alerts Carnival's IT staff so that exceptions to its change and release management policies can be immediately updated and investigated. This approach enables Carnival to better manage risk by providing continuo http://www.compliancehome.com/news/FFIEC/12308.html Thu, 21 Feb 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12305.html OpSource, the SaaS delivery experts, has announced Level One compliance with the Payment Card Industry Data Security Standard (PCI DSS). Trustwave, provider of information security and compliance management solutions to businesses and organizations throughout the world, performed the PCI DSS review. PCI DSS is the payment card industry security standard for entities that process, transmit or store cardholder data, and has been endorsed by all the major card brands Visa Inc., MasterCard Worldwide, Discover Network, American Express and JCB. The payment card brands require that on-demand applications that accept credit card information use PCI compliant service providers such as OpSource. Doing so assures the security of payment card information collected by companies who deliver their on-demand applications via the comprehensive, award-winning OpSource On-Demand Web application delivery platform. http://www.compliancehome.com/news/FFIEC/12305.html Thu, 21 Feb 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12303.html MetricStream announced a new release of its Compliance Management application. The new release is designed to manage compliance with multiple regulations across complex organizational structures through a common framework. As the multiple compliance initiatives become more intertwined from regulatory and organizational perspectives, Compliance Officers are focusing on effective rationalization of controls to provide a clear, unambiguous process for compliance management and to deliver a single point of reference for the organization. The new release of the Compliance Management application provides a configurable framework to document processes, risks and controls across multiple areas of compliance including cross-industry mandates and regulations such as SOX, OSHA, EH&S and FCPA as well as the industry focused regulatory guidelines from FDA, NASD, FERC, PCI, FAA, HACCP, AML, Basel II and data retention laws. The documentation can be applied across a hierarchical organization structur http://www.compliancehome.com/news/FFIEC/12303.html Mon, 18 Feb 2008 00:00:00 CST http://www.compliancehome.com/news/FFIEC/12287.html Intellicus Technologies, provider of seamlessly embeddable HIPAA secure Analytics and Reporting products will showcase its products at HIMSS 2008. HIMSS08 is one of the largest conferences of healthcare professionals, where leading healthcare software providers offer detailed insights into their products and solutions. The conference scheduled for February 24th to February 28th at Orlando, Florida, provides leadership for the optimal use of healthcare information technology (IT) and management systems for the betterment of healthcare. Intellicus easy-to-use and business friendly interface provides a rich user experience, may it be an EHR, Claims Processing, or a Corporate Report. CXOs, corporate users, clinicians, doctors/physicians, nurses and care providers can all use Intellicus to design and self-create reports on the fly. http://www.compliancehome.com/news/FFIEC/12287.html