Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Tag Archives: compliance

Classy Data (pt. 2) – Context and Handling

– The category of a particular data item may have been carefully arrived at and cast in concrete, as it were. But data do not live in unchanging isolation, nor are they always used for the same purpose or in the same manner. …

Is FUD Always With Us?

– In March 2008, Alan Shimel, who blogs at http://www.stillsecureafteralltheseyears.com/, wrote a fascinating entry with the provocative title: “Sitting on Your Hands is Not an Option - FUD, Compliance, What will it Take to Sell Security?” Unfortunately, the text is no longer…

GRC (Part 2): Risky Business

– Let’s resume where we left off in part 1. I had created a table, repeated here, which shows the interrelationships among governance, risk and compliance.

                       Governance   Risk   Compliance
  The Governance of …      1         2         3
  Risks Related to …       4         5         6
  Compliance of …          7         8         9

…

The New Identity Theft Red Flags Rule: Does it Raise “Red Flags” for Information Security?

– On May 10, 2006, President Bush signed an Executive Order creating the nation’s “first ever” Identity Theft Task Force. The purpose of this ad hoc committee, chaired jointly by the Attorney General and by the Chair of the Federal Trade Commission (FTC), was “to help law…

Proposed SEC Rules Broaden Scope of InfoSec Compliance Responsibilities

– On March 11, 2008, the United States Securities and Exchange Commission (SEC) published proposed rules intended to “set forth more specific requirements for safeguarding information and responding to information security breaches, and broaden the scope of the information covered by Regulation…