<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!-- SwishCommand noindex -->
<rss version="2.0">
<channel>
  <title>ComplianceHome: ALL White Papers</title>
  <link>http://www.compliancehome.com/</link>
  <description>ComplianceHome is one of the Web's largest libraries of resources for compliance management of HIPAA, SOX, FISMA, GLBA, FDA, FFIEC, Basel II, OSHA and ISO 27002/17799. Visit our directories, which are the best source for white papers, related news articles, resources on the web, training, webinars, conferences, rules &amp; regulation overview, ask the expert, job and search on vendors, solutions &amp; products.</description>
<image>
  <url>http://www.compliancehome.com/images/rsslogo.gif</url>
  <title>ComplianceHome</title>
  <link>http://www.compliancehome.com/</link>
</image>
  <language>en-us</language>
  <item>
    <title>Windows Azure Access Control Service (ACS)</title>
    <pubDate>Tue, 26 Feb 2013 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/ISO-27002-(17799)/abstract12140.html</link>
    <description>This white paper describes the implementation of Access Control Service with an example.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/ISO-27002-(17799)/abstract12140.html</guid>
  </item>
  <item>
    <title>Standardized Compliance of OSHA Medical Surveillance</title>
    <pubDate>Tue, 26 Feb 2013 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/OSHA/abstract12100.html</link>
    <description>The White Paper discusses NatMed's approach to managing OSHA Medical Surveillance for employers. The paper discusses four models that are available for employers to choose from including In-House, HR Solutions Vendor, Clinical Network Vendor, and NatMed's Standardized Compliance Program.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/OSHA/abstract12100.html</guid>
  </item>
  <item>
    <title>Using The Hitachi ID Management Suite to Comply with The Sarbanes-Oxley Act of 2002</title>
    <pubDate>Mon, 18 Jul 2011 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract12050.html</link>
    <description>This document includes a brief overview of the Sarbanes-Oxley Act of 2002 (SOX), and describes how it impacts information security in publicly traded, US-listed corporations. The Hitachi ID Identity Management Suite is then introduced, and its use to comply with SOX requirements is described. Please note that this document does not constitute legal advice. This document represents the best understanding of Hitachi ID of the relevance of this legislation to information security in general and to identity management in particular.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract12050.html</guid>
  </item>
  <item>
    <title>Payment Card Industry Data Security Standard (PCI-DSS) Compliance Using Hitachi ID Management Suite</title>
    <pubDate>Mon, 18 Jul 2011 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract12048.html</link>
    <description>The Payment Card Industry Data Security Standard (PCI-DSS) is a brief, pragmatic and very reasonable set of standards intended to guide financial institutions, retailers and other data processors in protecting data about credit cards and their owners. It is organized into six logical categories: 1. Build and Maintain a Secure Network. 2. Protect Cardholder Data. 3. Maintain a Vulnerability Management Program. 4. Implement Strong Access Control Measures. 5. Regularly Monitor and Test Networks. 6. Maintain an Information Security Policy. PCI-DSS is unique among major regulatory requirements for corporations and government agencies in that it specifically lays out what organizations must do and what they must not do to comply. This makes compliance much more straightforward than regulations such as SOX, HIPAA, etc. which are ambiguous in regards to information security. To fulfill all of the requirements in PCI-DSS, organizations must deploy a combination of sound business practices and v</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract12048.html</guid>
  </item>
  <item>
    <title>Log Management - A pragmatic approach to PCI DSS</title>
    <pubDate>Mon, 18 Jul 2011 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract12037.html</link>
    <description>This white paper explains how log management can play a pivotal role in addressing PCI DSS requirements and prove to be a success factor and enabler for safeguarding cardholder transaction data and providing a secure, vulnerability-free environment for cardholders.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract12037.html</guid>
  </item>
  <item>
    <title>10 Tips for a successful PCI DSS compliance project</title>
    <pubDate>Mon, 18 Jul 2011 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract12027.html</link>
    <description>The Payment Card Industry (PCI) Data Security Standard (DSS) was developed to establish minimum security requirements, but there are also best practices that companies can follow to better understand the intent of the Standard, as well as to help provide a smooth implementation. This paper outlines several guidelines on how to achieve a high level of success when performing a PCI DSS compliance project. The tips are not rules, but rather guidelines based on years of industry experience.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract12027.html</guid>
  </item>
  <item>
    <title>Basel II Statistical Calculations</title>
    <pubDate>Mon, 18 Jul 2011 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/Basel-II/abstract12013.html</link>
    <description>The main challenge in developing a Basel software solution lies in the various calculations involved and their accuracy. Most of the time, there is little emphasis on understanding the basics behind the calculations; rather, banks' IT departments rely on the vendors to provide all calculations and related computing.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/Basel-II/abstract12013.html</guid>
  </item>
  <item>
    <title>CyberScope and OMB FISMA Guidance Create New Challenges for Federal Agencies and its Contractors</title>
    <pubDate>Mon, 18 Jul 2011 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract12010.html</link>
    <description>With the increase of advanced persistent threats combined with the need for cost savings, the Federal Government is undertaking a dramatic shift in its cybersecurity strategy and annual security risk reporting.  The Federal Information Security Management Act (FISMA) requires agencies to report performance measures defined by the Office of Management and Budget (OMB).  In 2010, OMB released the CyberScope system and updated FISMA reporting guidance for federal agencies.  The purpose of this paper is to provide a perspective on this new guidance and the impacts on federal agencies that must collect and provide data for these performance measures.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract12010.html</guid>
  </item>
  <item>
    <title>ICD-10 TESTING-A PRESCRIBED ROADMAP</title>
    <pubDate>Wed, 20 Oct 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract12003.html</link>
    <description>This paper is an attempt to provide some guidelines on how organizations can approach ICD-10 testing. As this paper shows, the task is complex, requiring careful planning and co-ordination among vendors, trading partners and within the organization. The testing for ICD-10 promises to be much more substantial than the testing for NPI and 5010 put together. This is owing to various factors such as: the overarching impact of ICD-10 across process &amp; systems; the number of covered entity participants which are involved; and current limitations of test environments in healthcare organizations. The above can be a hindrance to supporting full-scale end-to-end testing, so they need to be handled carefully. Since ICD codes play a key role in many business processes, it is recommended that thorough testing be done.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract12003.html</guid>
  </item>
  <item>
    <title>Mitigating IT Security Risks with Penetration Tests</title>
    <pubDate>Wed, 20 Oct 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract12000.html</link>
    <description>Penetration Testing should do more than assess the external network for obvious flaws.  Discover how enhancing the penetration testing process will ultimately lead to a stronger and more compliant security posture.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract12000.html</guid>
  </item>
  <item>
    <title>ICD-10 Implementation: Objects On The Horizon Are Closer Than You Think</title>
    <pubDate>Fri, 24 Sep 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract12001.html</link>
    <description>When the deadlines for ICD-10 implementation were extended to 2013, the health care industry seemed to heave a huge collective sigh of relief. Hospitals, physicians and payers had been united in their requests for extensions, citing the time required for system and process changes to adopt the new standards. Equally important to the industry, extensions had also been granted for implementation of the x12 HIPAA 5010 (5010) transaction sets, which were known to be the critical predecessor to ICD-10 success.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract12001.html</guid>
  </item>
  <item>
    <title>Improving Clinician Workflows with One-Touch Desktop Roaming</title>
    <pubDate>Mon, 05 Jul 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract11984.html</link>
    <description>The move away from paper-based medical records systems to electronic medical records (EMR) is rightly viewed as a step towards improving patient outcomes, increasing clinician productivity, and lowering costs. The transition, however, is often hampered by the challenge of providing secure access to patient information, particularly given the increased focus on regulatory compliance. From an IT perspective, the mandate is clear: access to patient information must be not only secure but also fast, convenient, and reliable. Technologies that provide security but frustrate clinicians, by slowing them down or adding steps to their everyday tasks, will slow adoption of EMR to a crawl. Likewise, because clinicians are responsible for any changes to medical records made in their name, they will resist adoption unless safeguards are in place to ensure that every EMR change attributed to them was actually made by them. In the U.S., slow adoption can ultimately disqualify a hospital from receiving </description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract11984.html</guid>
  </item>
  <item>
    <title>HIPAA compliance status of the business associates</title>
    <pubDate>Wed, 23 Jun 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract11982.html</link>
    <description>It is difficult for covered entities to evaluate the HIPAA compliance status of their business associates. This questionnaire will help a covered entity determine a business associate's level of understanding of the HIPAA rule &amp; their compliance status. This file can be sent to the business associate as a PDF file. The business associate can complete the form, save it, and send it back to the covered entity requesting this form.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract11982.html</guid>
  </item>
  <item>
    <title>Managing Passwords &amp; NIST SP 800-53 Requirements</title>
    <pubDate>Fri, 18 Jun 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract11979.html</link>
    <description>NIST SP 800-53 includes several sections that specify requirements for managing passwords used in the datacenter. While many agencies have investigated password management from the end-user perspective, few have addressed the need to manage passwords for elevated privilege accounts used by administrators and unattended applications. An organized, workable approach to managing these passwords is critical.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract11979.html</guid>
  </item>
  <item>
    <title>FISMA Compliance Through Centralized Identity &amp; Access Management Leveraging Microsoft Active Directory</title>
    <pubDate>Fri, 18 Jun 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract11978.html</link>
    <description>FISMA compliance is a complex process due to the broad scope and diversity of federal information systems. However, the core identity and access management requirements come down to common sense and well established principles that can be addressed through a strategy of centralized management and policy enforcement.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract11978.html</guid>
  </item>
  <item>
    <title>Securing Privilege Delegation in Public and Private Cloud Computing Infrastructure</title>
    <pubDate>Fri, 18 Jun 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11977.html</link>
    <description>This whitepaper discusses the drivers for datacenters moving to the cloud, the role of virtualization in both public and private cloud infrastructures and outlines the security and compliance implications of cloud computing - providing insight into the protection of sensitive data in the cloud via administrative access and privileged delegation.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11977.html</guid>
  </item>
  <item>
    <title>An Introduction to Structured Product Labeling</title>
    <pubDate>Fri, 18 Jun 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FDA/abstract11976.html</link>
    <description>In February 2004, the FDA issued a Draft Guidance requiring the electronic submission of labeling content to be provided in an XML-based format called Structured Product Labeling (SPL). The purpose of this white paper is for the reader to gain an understanding and prepare for the FDA's new electronic labeling submission standard.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FDA/abstract11976.html</guid>
  </item>
  <item>
    <title>Knowledge is Power</title>
    <pubDate>Fri, 18 Jun 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/GLBA/abstract11975.html</link>
    <description>Today, when you make decisions about information technology (IT) security priorities, you must often strike a careful balance between business risk, impact, and likelihood of incidents, and the costs of prevention or cleanup. Historically, the most well-understood variable in this equation was the methods that hackers used to disrupt or invade the system. Protective security became the natural focus, and the level of protection was measured by evaluating defensive resiliency against live or simulated attacks. This protection has proven to be insufficient, as the escalating frequency and impact of successful exploits are proving that IT assets are not yet secure. The ever-changing landscape at the application infrastructure layer likely leaves you inadequately informed as to where and how your data might be exposed. So where can you turn next to help protect the security of your critical data assets? Since 75 - 90 percent of all Internet attacks are targeting the application layer, it i</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/GLBA/abstract11975.html</guid>
  </item>
  <item>
    <title>How Secure is Your Sudo?</title>
    <pubDate>Fri, 18 Jun 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract11974.html</link>
    <description>Unix/Linux OS users have passionately embraced either implementing open source privileged identity management solutions (i.e., sudo), commercial solutions that are more user friendly, or not implementing anything at all. Though highly disputed, the fact of the matter is that both solution-types do work and both bring high-value depending upon the IT environment that it is managing. This white paper will illustrate certain positive situations where open source solutions like sudo often work in smaller scale enterprises. However, this white paper will also spotlight red flags that relate to larger companies or companies experiencing significant IT growth. CISOs managing large IT environments, combined with the</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract11974.html</guid>
  </item>
  <item>
    <title>IT Risk Management: Guide to Software Risk Assessments and Audits</title>
    <pubDate>Fri, 18 Jun 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11973.html</link>
    <description>Risk is a function of the likelihood that a given threat-source might exercise a particular potential vulnerability, and the resulting impact of that adverse event on the organization. In IT systems, risk can be introduced from the internet, servers, networks, malicious insiders, and even lapses in physical security. However, the current rate of newly discovered vulnerabilities in software has risen to the top of the agenda for security professionals striving to control their company's overall risk profile. Until now, enterprises have lacked an efficient manner to analyze the security of software as part of their risk management processes. Security testing has been limited to manual analysis by consultants, using internal teams with source code tools or trusting the software supplier to test their own code. None of these approaches scale to cover an enterprise's entire application portfolio and can add significant time and costs to projects. In an effort to combat this growing trend, n</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11973.html</guid>
  </item>
  <item>
    <title>What Every CIO Needs To Know About HIPAA Compliance</title>
    <pubDate>Fri, 18 Jun 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract11972.html</link>
    <description>The final privacy rules for securing electronic health care became effective in 2003. These regulations require healthcare companies to develop, implement and document the measures they take to ensure that health information remains secure under the Health Insurance Portability and Accountability Act (HIPAA). HIPAA is intended to protect and simplify the exchange of healthcare data nationwide. As of April 2006, all healthcare organizations are required to comply.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract11972.html</guid>
  </item>
  <item>
    <title>Accelerate Your Response to Security and Compliance Issues</title>
    <pubDate>Mon, 07 Jun 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11970.html</link>
    <description>Looking for a better way to manage security and compliance issues swiftly and with minimum impact to your business? Download this solution brief from RSA, The Security Division of EMC, to learn how organizations are combining the RSA Archer eGRC Suite with the wider RSA and EMC portfolio to automate security and compliance processes, prioritize and streamline incident response, and communicate risk clearly at all levels of the business.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11970.html</guid>
  </item>
  <item>
    <title>Stay in compliance with government security standards</title>
    <pubDate>Mon, 07 Jun 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract11969.html</link>
    <description>Be sure your site is in compliance with government data regulations by reading about the different data regulatory standards in this white paper. Learn more today!</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract11969.html</guid>
  </item>
  <item>
    <title>The 7 Key Components For An Effective Case Management Methodology</title>
    <pubDate>Mon, 07 Jun 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract11968.html</link>
    <description>The key benefit of creating a case management methodology is to multiply its effectiveness by replicating it across the organization's patient-facing departments, practices and functions. In this way, your organization can reduce costs, increase quality and streamline its operations. Supported by effective processes, tools and information, case management can be a powerful weapon to achieve quality, efficiency and profitability in your organization.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract11968.html</guid>
  </item>
  <item>
    <title>Your Checklist: Seven Steps to Secure and Seamless Field Mobility</title>
    <pubDate>Mon, 07 Jun 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract11966.html</link>
    <description>With mobile workforce enablement and wireless technologies now being mandated as a critical business priority, IT organizations must rapidly advance to third-generation mobility. Whereas first- and second-generation mobility technologies were focused on e-mail access and wireless point-solutions, third-generation mobility demands a ubiquitous mobile workflow that is seamlessly integrated into existing business processes and backend systems, allowing transparent wireless access to all enterprise applications from any network without requiring system modifications or new hardware. At the same time, next-generation mobility demands bulletproof security and effortless compliance with audit trail requirements mandated by Sarbanes-Oxley (SOX), the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standards (PCI DSS), and other regulations.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract11966.html</guid>
  </item>
  <item>
    <title>Why Should Companies Take a Closer Look at Business Continuity Planning?</title>
    <pubDate>Mon, 07 Jun 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract11964.html</link>
    <description>Over the last 30 years, companies have significantly changed their approach to ensuring that their businesses can continue to run in the event of a catastrophe. In the 1970s, IT departments responsible for companies' information-based assets focused on the recovery of the data center and associated networks. By the 1990s, the focus had shifted to business units. The commitment of management became a critical success factor in the development of business continuity plans, as both IT and the business were required to develop those plans. As a result of 9/11, organizations extended business continuity planning to create enterprise-wide plans. Today, executive management is much more involved in ensuring the success of the plans, and the focus has shifted from power, hardware, and software outages to regulatory requirements, business requirements, and non-traditional events such as terrorist attacks. Read this white paper to learn how business continuity and disaster recovery solutions can</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract11964.html</guid>
  </item>
  <item>
    <title>HIPAA Compliance: An Examination of Institutional and Market Forces</title>
    <pubDate>Mon, 07 Jun 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract11963.html</link>
    <description>One would think that the enactment of the HIPAA, with its mandates on data security and privacy, would have brought a major shift in the security management practices within the US healthcare. Unfortunately, recent industry reports indicate low levels of regulatory compliance, thus raising security concerns for the US health IT infrastructure. This research develops a regulatory compliance model by drawing insights from the institutional theory literature to identify the key drivers influencing HIPAA compliance, both institutional and market forces (e.g., variability in state-level privacy laws comprehensiveness, interdependency between privacy and security rules, pressure from compliance leaders in the region, compliance officer's functional background, and the consumer concern for privacy).</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract11963.html</guid>
  </item>
  <item>
    <title>PCI DSS Compliance with IBM Power i</title>
    <pubDate>Thu, 27 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11962.html</link>
    <description>How to best comply with PCI-DSS using IBM Power i</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11962.html</guid>
  </item>
  <item>
    <title>The File Transfer Balancing Act - Achieving Compliance Without Compromising Business Agility</title>
    <pubDate>Tue, 25 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/GLBA/abstract11961.html</link>
    <description>The global economy is pushing businesses in virtually every industry to work faster and smarter. The company that can't respond to a customer need almost immediately is destined to lose out to a more nimble competitor that can meet that need. It comes down to agility: how fast a company can adapt to change and respond to demands. This white paper discusses the issues important in designing a process for user-to-user secure file transfer that simultaneously enhances business agility while ensuring that your methods for handling private information adhere to your security and privacy policies. The solution described in this white paper has been chosen by numerous companies in industries that are regulated by Sarbanes-Oxley, HIPAA and other legislation in order to increase their security posture. Read this white paper to learn more.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/GLBA/abstract11961.html</guid>
  </item>
  <item>
    <title>The File Transfer Balancing Act - Achieving Compliance Without Compromising Business Agility</title>
    <pubDate>Tue, 25 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract11961.html</link>
    <description>The global economy is pushing businesses in virtually every industry to work faster and smarter. The company that can't respond to a customer need almost immediately is destined to lose out to a more nimble competitor that can meet that need. It comes down to agility: how fast a company can adapt to change and respond to demands. This white paper discusses the issues important in designing a process for user-to-user secure file transfer that simultaneously enhances business agility while ensuring that your methods for handling private information adhere to your security and privacy policies. The solution described in this white paper has been chosen by numerous companies in industries that are regulated by Sarbanes-Oxley, HIPAA and other legislation in order to increase their security posture. Read this white paper to learn more.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract11961.html</guid>
  </item>
  <item>
    <title>The File Transfer Balancing Act - Achieving Compliance Without Compromising Business Agility</title>
    <pubDate>Tue, 25 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract11961.html</link>
    <description>The global economy is pushing businesses in virtually every industry to work faster and smarter. The company that can't respond to a customer need almost immediately is destined to lose out to a more nimble competitor that can meet that need. It comes down to agility: how fast a company can adapt to change and respond to demands. This white paper discusses the issues important in designing a process for user-to-user secure file transfer that simultaneously enhances business agility while ensuring that your methods for handling private information adhere to your security and privacy policies. The solution described in this white paper has been chosen by numerous companies in industries that are regulated by Sarbanes-Oxley, HIPAA and other legislation in order to increase their security posture. Read this white paper to learn more.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract11961.html</guid>
  </item>
  <item>
    <title>The Top Six Risks of Employee Internet Use and How to Stop Them</title>
    <pubDate>Tue, 25 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract11960.html</link>
    <description>When it comes to your employees' use of the Internet, it isn't wise to underestimate the potential for damage to your organization. From a network used by dedicated scientific intellectuals devoted to honest research, the Internet has grown to become the world's biggest clearinghouse for information of all kinds. At the same time, it has become a haven for inappropriate behavior and systems attacks, as well as posing a liability for any company that doesn't appropriately manage their employees' Internet use. Due to the serious nature of many threats, the Internet use of even one unmonitored employee on a single unmanaged system can ravage a company's internal network, irrevocably delete critical data, and ultimately ruin the company's ability to conduct business. Situations like this aren't works of fiction, but actual everyday occurrences for organizations with unprotected networks. Read this white paper to learn more about how to protect your organization from these threats.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract11960.html</guid>
  </item>
  <item>
    <title>Building Secure File Transfer Processes that Improve Security and Compliance</title>
    <pubDate>Tue, 25 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/GLBA/abstract11959.html</link>
    <description>Protecting information assets (confidential intellectual property, sensitive customer data, financial information or private patient information) continues to be a top-of-mind issue for all enterprises. A data breach that reveals sensitive information can be costly and devastate the reputation of your organization. There are ways to avoid the situation with the improved ability to secure email attachments and other file transfers. Read this whitepaper to learn about the issues important in selecting a solution for user-to-user secure file transfer that ensures methods for handling sensitive information, adherence to security and privacy policies, and compliance with government mandates for sensitive data handling. Learn how Accellion Secure File Transfer meets these requirements for secure file transfer and seamlessly supports business process agility.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/GLBA/abstract11959.html</guid>
  </item>
  <item>
    <title>Professional Paving Contractors in Burnaby BC</title>
    <pubDate>Mon, 17 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract11954.html</link>
    <description>AB Paving is a leading paving services &amp; professional paving contractor in Burnaby BC. It provides Commercial paving services, residential paving services, landscaping services, paving maintenance, driveway sealing.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract11954.html</guid>
  </item>
  <item>
    <title>Pros and Cons of Carpet Cleaning Services</title>
    <pubDate>Mon, 17 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FDA/abstract11953.html</link>
    <description>Arman Expert (the Three Housekeepers) offers quality cleaning services for commercial and residential sectors in the Greater Vancouver area, mainly Vancouver, West Vancouver, North Vancouver, Burnaby, Richmond, New Westminster and Coquitlam.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FDA/abstract11953.html</guid>
  </item>
  <item>
    <title>How to Face Impaired Driving Charges</title>
    <pubDate>Mon, 17 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract11952.html</link>
    <description>John Buchanan is a trusted Criminal Defence Lawyer based in Vancouver BC. With 25 years of experience in the Criminal Law services, John Buchanan offers professional and quality legal services as a Criminal Defence Lawyer for Vancouver and adjoining areas in British Columbia.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract11952.html</guid>
  </item>
  <item>
    <title>Benefits of Using Scotchgard in Home Cleaning Services</title>
    <pubDate>Mon, 17 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract11951.html</link>
    <description>Commercial cleaning services are important for proper cleaning of offices and industrial places. They have a growing need in most industries and businesses.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract11951.html</guid>
  </item>
  <item>
    <title>Carpet cleaning Vancouver, Cleaning service Vancouver</title>
    <pubDate>Mon, 17 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/Basel-II/abstract11950.html</link>
    <description>Cleaning Services Vancouver is a specialized cleaning service provider that offers quality and affordable cleaning services. It offers a host of cleaning services, including both commercial and residential cleaning.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/Basel-II/abstract11950.html</guid>
  </item>
  <item>
    <title>Meeting HIPAA and HITECH compliance with SIEM</title>
    <pubDate>Mon, 17 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract11949.html</link>
    <description>There are many commercially available information security tools on the market, many of which can help with HIPAA and HITECH compliance. At a minimum, meeting HIPAA and HITECH compliance requires 4 security solutions. First, a firewall and Intrusion Prevention System (IPS); however, most modern IPS devices include firewall functionality as well. Second, a Database Monitoring system (DAM, or DBM) and/or an Application Monitoring system to monitor, protect, and log all access to sensitive data. Third, a Log Management system to store all logs in a secure manner, for audit purposes. Finally, a Security Information &amp; Event Management system (SIEM) to bring all the required event and asset data together, for incident detection, response, and reporting purposes. This document details the specific product functionality that applies to specific HIPAA and HITECH requirements.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract11949.html</guid>
  </item>
  <item>
    <title>HITECH Act and HIPAA</title>
    <pubDate>Mon, 17 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract11948.html</link>
    <description>The American Recovery and Reinvestment Act of 2009 became federal law February 17. It includes provisions for heightened enforcement of HIPAA and stiffer penalties for privacy and security violations. It also allocates billions of dollars to invest in the implementation and exchange of health information technology, such as electronic health records (EHR).</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract11948.html</guid>
  </item>
  <item>
    <title>Are you prepared for validation?</title>
    <pubDate>Mon, 17 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FDA/abstract11947.html</link>
    <description>For industries that operate in regulated environments, validation of processes and systems is an important and required part of business.  The goal of the validation process is to provide a high degree of confidence in a process or system by demonstrating consistent and repeatable operational results through documented evidence.  The exact requirements of a compliant validation will be detailed by the appropriate regulatory agency that oversees your business sector. If your business uses Good Practices (GxP) and is in the food, pharmaceutical products, or medical devices business sectors, then you are likely required to comply with a regulatory agency. Failure to comply with regulations could lead to fines, suspension of business, or even loss of your business.  This article will provide an overview of a validation for a computer software system to be compliant with Food and Drug Administration (FDA) regulations.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FDA/abstract11947.html</guid>
  </item>
  <item>
    <title>Practical Steps to Ensure GCSX Code of Connection Compliance and Beyond</title>
    <pubDate>Mon, 17 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11946.html</link>
    <description>The GCSX Code of Connection is an important step along the journey to provide a secure infrastructure for public sector business. At the time of writing most, if not all, work in local authorities to achieve compliance with the Code of Connection has been completed. In isolation, GCSX Code of Connection compliance may be seen to deliver little extra value back to the organisation, so it is important that a successful implementation be used as a catalyst for an improvement in overall organisational compliance.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11946.html</guid>
  </item>
  <item>
    <title>Two-Way Communication, Now That's an Idea!</title>
    <pubDate>Mon, 17 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract11945.html</link>
    <description>Although one-way communication is often a reality, communication is more effectively viewed as a two-way process in the exchange of information for a mutual goal. My children frequently remind me of this when I quickly pre-judge them based on my sole perspective without their input. While a two-way communication process clearly makes sense, its integration in the business world is often not effective. This includes communications between a company's board and its external auditor.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract11945.html</guid>
  </item>
  <item>
    <title>Meeting PCI-DSS compliance with SIEM</title>
    <pubDate>Mon, 17 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11944.html</link>
    <description>There are many commercially available information security tools on the market, many of which can help with PCI compliance. At a minimum, achieving PCI-DSS requires 4 security solutions. First, a firewall and Intrusion Prevention System (IPS); however, most modern IPS devices include firewall functionality as well. Second, a Database Monitoring system (DAM, or DBM) and/or an Application Monitoring system to monitor, protect, and log all access to sensitive data. Third, a Log Management system to store all logs in a secure manner, for audit purposes. Finally, a Security Information &amp; Event Management system (SIEM) to bring all the required event and asset data together, for incident detection, response, and reporting purposes. This document details the specific product functionality that applies to each of the 12 PCI requirements.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11944.html</guid>
  </item>
  <item>
    <title>A new security agenda for health care</title>
    <pubDate>Mon, 03 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract11943.html</link>
    <description>Two new federal laws, ARRA and the HITECH Act, aim to do what many say HIPAA has failed to do for the past 14 years: force health care facilities to get serious about protecting patient health care records. However, with budget challenges, fragmented policies and lack of security awareness, many institutions are a long way from compliance. The good news is there's still time for tech vendors and affected institutions - such as health plans, health care clearinghouses and health care providers, as well as insurance firms, benefits managers and payment systems providers - to get their tools, capabilities and practices in place.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract11943.html</guid>
  </item>
  <item>
    <title>Five Challenges to Continuous PCI DSS Compliance</title>
    <pubDate>Mon, 03 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11942.html</link>
    <description>With adoption of the PCI DSS expanding throughout the United States and into Europe, organizations subject to PCI compliance face several key challenges. Learn more about these challenges, how to address them, and how Tripwire IT security and compliance automation solutions can help.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11942.html</guid>
  </item>
  <item>
    <title>Continuous PCI DSS Compliance Can Be Done Easily; Case Study</title>
    <pubDate>Mon, 03 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11941.html</link>
    <description>In this case study, an enterprise-level business processing outsourcer is required to be in continuous compliance with the Payment Card Industry Security Standard (PCI DSS). Its struggle to stay in compliance using antiquated manual processes drove it to seek out a solution that would automate this process. Quickly analyzing and auditing its firewalls, managing its rulebase, and proving to its customers that their data was protected and secure was also critically important. Read on to learn how this organization sustains automated PCI DSS compliance while realizing significant savings in time, money, and people within days using Skybox Security's firewall compliance and analysis solutions.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11941.html</guid>
  </item>
  <item>
    <title>Tired of Rogues - Solutions for Detecting and Eliminating Rogue Wireless Networks</title>
    <pubDate>Mon, 03 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11940.html</link>
    <description>According to Gartner, enterprises that have not deployed wireless are at a higher risk of exposure from rogue wireless devices. Even enterprises that are deploying wireless must tackle the problem of rogue WLANs from employees who do not have wireless access, contractors, auditors, vendors, etc., who bring in their own equipment while operating within the office, or potential espionage traps. This paper provides an overview of the different types of rogue wireless devices (APs, wireless stations, ad hoc networks, soft APs, accidental &amp; malicious associations), risks faced by enterprises due to their proliferation and multiple approaches to detecting and mitigating them.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11940.html</guid>
  </item>
  <item>
    <title>Can Wireless LAN Denial of Service Attacks Be Prevented?</title>
    <pubDate>Mon, 03 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11939.html</link>
    <description>Wireless communications that use a shared Radio Frequency medium are often vulnerable to Denial of Service (DoS) attacks. Wireless DoS attacks can be initiated at the physical or MAC layer and can cripple a WLAN. While intentional DoS attacks cause the most damage, unintentional interference can also be deleterious. Physical layer DoS attacks are caused by RF jammers that prevent WLAN devices from communicating. This paper provides an overview of various WLAN DoS scenarios and available countermeasures to detect and mitigate them.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11939.html</guid>
  </item>
  <item>
    <title>The Need for Wireless IPS in Retail</title>
    <pubDate>Mon, 03 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11938.html</link>
    <description>Firewalls and VPNs are well-established perimeter security solutions. The introduction of wireless technologies has created a new category of entry point circumventing traditional security components. Many recently publicized data breaches in the retail industry have exploited wireless vulnerabilities. Attackers have been able to access sensitive applications and databases regardless of security systems such as firewalls and VPNs. Wireless intrusion prevention is required to thwart wireless attacks and provides the least costly method of adhering to the PCI DSS wireless security requirements. This paper provides a brief overview of some of the most important threats that wireless presents to retail network security and illustrates how traditional defenses such as firewalls and VPNs are just not enough.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11938.html</guid>
  </item>
</channel>
</rss>
