Managing compliance operations

  • May 05, 2009

    A certified security professional is not a compliance guarantee

    Compliance and security consultant and TechTarget contributor Kevin Beaver checked in about the Cybersecurity Act of 2009, aka the kill-switch bill. He agrees with some other experts I've talked to ...

  • May 05, 2009

    Podcast: HITECH Act adds new compliance requirements, penalties

    The Health Information Technology for Economic and Clinical Health (HITECH) Act, sometimes referred to as “HIPAA2,” introduces new compliance requirements, penalties and incentives for the adoption ...

  • May 04, 2009

    Prepare for compliance auditors: Tighten access control

    You’re a busy IT operations manager. You run a tight ship, including security operations. But are some of your basic controls as consistent as you think? It's worth figuring ...

  • May 01, 2009

    Cybersecurity trends: Security and compliance aren't the same thing

    When I first blogged about my experience at RSA Conference 2009, I noted that cyberwar, compliance, virtualization and cloud security were key trends at RSA. A week later, I still see that as an ...

  • May 01, 2009

    RSA Conference Advisory Board highlights cybersecurity threats, trends

    A lunchtime roundtable with the Advisory Board for last week's RSA Conference 2009 offered forward-looking advice on information security trends and cybersecurity threats based on research and ...

  • April 27, 2009

    Kodak CISO on meeting today's compliance challenges

    In this IT Compliance Advisor podcast from, associate editor Alexander B. Howard interviews Bruce Jones, chief information security officer (CISO) at Eastman Kodak Co. Over the ...

  • April 24, 2009

    At RSA: Cyberwar, compliance, virtualization and cloud security

    What's been the buzz at the RSA Conference? Constant and loud, to be sure, but perhaps a dull roar compared with past years. Seasoned analysts, vendors and delegates all note that attendance is ...

  • April 23, 2009

    IT spending, budget increases tied to compliance

    The poor economy and recession have resulted in cutbacks just about everywhere, but apparently not in information security technology spending. That's not necessarily good news, though, for those ...

  • April 22, 2009

    Cybersecurity is 'a critical national interest,' says Hathaway

    "It is the fundamental responsibility of our government to secure cyberspace for its citizens and the world." -- Melissa Hathaway Melissa Hathaway's keynote at RSA kicked off with the Mission ...

  • April 21, 2009

    The future of compliance policy management

    Compliance is not just "one thing" for businesses anymore. Compliance has become a broad subject like "finance" or "security," with many sub-topics underneath that umbrella. The best strategy for ...

  • April 21, 2009

    Database logging and privileged access control

    Ship captains have long started their days by initialing log entries. As a former senior security executive at a financial services firm with $500 billion in assets under management and over 20,000 ...

  • April 16, 2009

    Email to the Editor: 201 CMR 17.00, ID theft and data protection

    Great article ["Panels describe risks of noncompliance with Mass. data protection law"]. Numerous thought-provoking statements in this article and in the legislation itself. My first thought is ...

  • April 13, 2009

    What does being PCI DSS compliant really mean?

    There is a big difference between being PCI DSS compliant and being "certified" as PCI DSS compliant, says e-commerce expert Evan Schuman of in this edition of the IT ...

  • April 13, 2009

    Compliance fundamentals: Database logging, privileged access control

    On April 10, 2009, 10,868 Social Security numbers at Penn State Erie, The Behrend College, were compromised by a detected intrusion. Last October’s data breach of 17 million records at T-Mobile, ...

  • April 09, 2009

    Keep your change management process simple

    This is a guest post by Laurence Anker, engagement manager, technology risk management, at Jefferson Wells International Inc. The only constant in information technology today is change. The ...