Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Tag Archives: sarbanes-oxley

New Massachusetts Regulation Has Significant Implications for Information Security Professionals

– This year, the Commonwealth of Massachusetts enacted a regulation that prescribes information security policies and practices quite unlike those required in any previous state or federal mandate. This regulation, 201 CMR 17.00, states that “all persons that own,…

Down the PCI Rabbit Hole in Search of Better Risk Measurements

– Decision-making is often a product of risk assessment and prioritization.  Currently, I have several deliverables pending for work, a carpentry project at home and this article to write.  As I decide which to address, I quickly, and in many cases, unconsciously, analyze what I am placing at risk…

Corporate Governance: A Dirty Word or a Dirty Job?

– Corporate governance is in the limelight. No one wanted it, not many embrace it. But it’s here and here to stay, thanks to the horrifying outcomes vis-a-vis criminal activity leading to the failures of Enron, WorldCom and the like. In the newly published anthology, CISO Leadership:…