Tag Archives: compliance
Classy Data (pt. 2) – Context and Handling
September 13, 2009 – 9:52 pm
The category of a particular data item may have been carefully arrived at and cast in concrete, as it were. But data do not live in unchanging isolation, nor are they always used for the same purpose or in the same manner. …
Is FUD Always With Us?
December 29, 2008 – 6:00 am
In March, 2008, Alan Shimel – who blogs at http://www.stillsecureafteralltheseyears.com/ – wrote a fascinating entry with the provocative title: “Sitting on Your Hands is Not an Option – FUD, Compliance, What will it Take to Sell Security?” Unfortunately, the text is no longer…
GRC (Part 2): Risky Business
October 30, 2008 – 6:00 am
Let’s resume where we left off in part 1. I had created a table, repeated here, which shows the interrelationships among governance, risk and compliance.

                        Governance   Risk   Compliance
The Governance of …         1         2         3
Risks Related to …          4         5         6
Compliance of …             7         8         9

…
The New Identity Theft Red Flags Rule: Does it Raise “Red Flags” for Information Security?
October 21, 2008 – 10:20 pm
On May 10, 2006, President Bush signed an Executive Order creating the nation’s “first ever” Identity Theft Task Force. The purpose of this ad hoc committee, chaired jointly by the Attorney General and by the Chair of the Federal Trade Commission (FTC), was “to help law…
Proposed SEC Rules Broaden Scope of InfoSec Compliance Responsibilities
May 5, 2008 – 6:00 am
On March 11, 2008, the United States Securities and Exchange Commission (SEC) published proposed rules intended to “set forth more specific requirements for safeguarding information and responding to information security breaches, and broaden the scope of the information covered by Regulation…