It was good to see the Office of Civil Rights (OCR) publish the long-awaited proposed updates to HIPAA Security and Privacy Rules Thursday last week. Note that OCR is …
REGULATORY COMPLIANCE
Logging for Effective SIEM and PCI DSS Compliance …. UNIX, Network Devices and Databases
In one of my previous blogs, I covered the importance of logging the “right” events for an effective Log Management or Security Information and Event Management (SIEM) deployment … see …
FTC delays enforcement of Identity Theft Red Flags Rule to 12/31/10
FTC announced earlier this morning that it is delaying enforcement of the Red Flags Rule to 12/31/10 pending expected legislation by Congress that would affect the scope of entities covered …
PCI DSS Quick and Dirty?
I recently received a tweet titled “PCI DSS Compliance – Quick and Dirty”. I think it is safe to say that such a title is bound to grab immediate attention …
Identity Theft Red Flags Rule – Is the 06/01/10 deadline looking good?
Frankly, I have lost count of how many times FTC has moved the deadline already (see my related post from 2009). This time, however, I think the deadline is too …
New details released regarding Internal Security Assessor (ISA) program for PCI DSS
PCI SSC has just released new details regarding the training schedule for the ISA program. The program is obviously PCI SSC’s response to the often-heard complaints from merchants and …
Logging for PCI DSS Compliance
PCI DSS has had specific requirements for logging and review of those logs for some time now. The logging requirements (under Requirement 10) have a primary objective of supporting forensics …
PCI DSS update related to digital audio recordings containing cardholder data
PCI SSC released another update yesterday related to digital audio recordings. The update provides further clarification (to the update on January 22) on the storage of sensitive data in digital …