Title | Date Added | Company
whitepaper Compliance: SEC 17a-4/NASD 3010/3110 | 2007-04-17 | Biscom
  In the wake of the 1928 stock market crash and the uncovering of widespread securities fraud, the U.S. Congress enacted the Securities Exchange Act of 1934. The Act seeks to protect investors from fraudulent or misleading claims in the securities industry and requires extensive record keeping, reviewing, and auditing by independent auditors, and administration of financial transaction records. NASD 3010/3110 are part of comprehensive regulations enacted and enforced by the National Association of Securities Dealers on behalf of more than 5,000 registered financial institutions and investment funds. All aspects of the SEC and NASD regulations are effective today.

Tags: Data Recovery - Security, SEC Rule 17A-4
  
whitepaper Compliance: The California Security Breach Notification Act (SB 1386) | 2007-04-17 | Biscom
  The California Security Breach Notification Act states that any business or agency that uses a computer to store confidential personal information about a California resident must immediately notify that individual upon discovering any breach to the computer system upon which this information is stored. Failure to notify the individual(s) could subject the business/agency to civil damages and lawsuits. The statute became effective July 01, 2003. While lawsuits can be sufficiently damaging to a company's bottom line and reputation by themselves, failing to deal with the risks associated with SB 1386 could trigger violations of the Sarbanes-Oxley Act, which has serious consequences for violators.

Tags: Data Recovery - Security, Sarbanes-Oxley
  
whitepaper Is Your WLAN Putting Your PCI Compliance at Risk? | 2007-04-12 | Colubris Networks
  The Payment Card Industry (PCI) Data Security Standard was created in 2004 by major credit card companies - American Express, Discover Financial, JCB, MasterCard Worldwide, and Visa International - to provide security and privacy of customers' credit card data and personal information. The PCI standard sets specific guidelines for the storage, processing, and transmittal of all associated data in order to protect cardholders from identity theft. PCI compliance is mandatory for all merchants that store, process or transmit credit card data through retail stores, mail order, telephone order and online sites. Retailers that are not in compliance are subject to fines or suspension of credit card processing privileges.

Tags: Security Management
  
whitepaper Improving Compliance and Efficiency With Sun Identity Auditing: Sun-on-Sun Case Study | 2007-04-01 | Sun Microsystems
  Faced with increasing compliance challenges since the passage of the Sarbanes-Oxley Act of 2002 and other regulations governing data integrity and privacy, Sun deployed Sun identity auditing and other identity management capabilities to improve access control and to achieve operational efficiencies. This paper recounts the process from solution criteria and selection through planning and deployment, and describes the benefits that have resulted for both Sun and its customers.

Tags: Security Management
  
whitepaper Achieving PCI Compliance For: Privileged Password Management & Remote Vendor Access | 2007-04-01 | e-DMZ Security
  Though PCI compliance is not a government driven requirement such as Sarbanes Oxley and HIPAA, noncompliance under PCI can have a devastating impact on any enterprise that relies on credit card transactions. The contract with credit card companies requires that as an organization one complies with PCI. Non-compliance with PCI can result in specific contractual penalties and/or revocation of the rights as an enterprise to process credit card transactions. Like all compliance and regulatory requirements, there is no single product or policy/procedure that will assure the compliance. THERE IS NO SILVER BULLET for PCI COMPLIANCE. PCI compliance requires that the enterprise deploy many security technologies, and have specific policies and procedures in place.

Tags: Security Management
  
whitepaper Advice on Enterprise Policy Management for Security and Compliance | 2007-04-01 | Enterprise Management Associates
  Of late, the nature of network security has undergone a dramatic change. It was not that long ago that efforts focused primarily on securing a perimeter around the trusted network. Security policy was implemented by control points that filtered traffic passing between trusted and untrusted networks. These control points typically focused on packet filtering via a firewall, a router access control list, or a combination of both. The advantage of this approach was the ease of administration afforded by the centralization of controls, assuring the enforcement of a security policy on traffic moving between zones of trust.

Tags: Security Management
  
whitepaper How to Achieve Compliance With Payment Card Industry (PCI) Data Protection Clauses and Protect Against Data Breaches | 2007-03-29 | TIZOR
  With the severity of recent data breaches, anxiety in the security and compliance community has reached a new high. Questions are being asked about what it means to be PCI compliant, particularly in the context of protecting data from data breaches. This paper describes two PCI requirements for cardholder data protection: data auditing and data encryption. As mandated by PCI 10, data auditing should provide for detailed monitoring of all access to the card holder as well as alerting on potential data theft. As mandated by PCI 3, data encryption should be used to render cardholder data unreadable to anyone who is not authorized. While these two capabilities are distinct, they can be synergistic.

Tags: Security Management, Data Recovery - Security
  
whitepaper You Sure You Want to Charge That?: Is the PCI DSS Protecting You? | 2007-03-26 | Configuresoft
  The Payment Card Industry Data Security Standard, or PCI DSS, was established to create a unified security standard whose implications have grown due to new industry regulations. Security requirements were established in six major areas that cover 12 requirements. Credit card vendors enforce the PCI DSS and penalties are harsh for merchants who fail to comply. The following white paper outlines the six major areas of which many businesses may not yet be fully aware.

Tags: Security Management
  
whitepaper Citrix Solutions for Complying With PCI-DSS: Ensuring Protection of Web Applications and Privacy of Cardholder Information | 2007-03-01 | Citrix Systems
  The Payment Card Industry Data Security Standard (PCI-DSS) is a global standard governed by the major credit card companies. The standard comprises a set of directives for entities that handle credit cards, with the goal of reducing fraud. PCI-DSS presents the framework for protecting sensitive cardholder and authentication data, providing financial benefits to organizations that are in compliance. Citrix Application Firewall, along with other Citrix solutions, provides a strong platform for compliance with PCI-DSS application security requirements and overall protection of critical Web applications.

Tags: Security Management
  
whitepaper Beyond Compliance: CA Enables the Enterprise to Meet Demands Today, Provides Flexibility for the Future | 2007-03-01 | IDG (International Data Group)
  Security concerns abound today, complicated by both internal and external threats and an ever-growing list of mandated compliance requirements. Compliance is now an integral component of everyday business practices. As security and compliance issues merge with business objectives, organizational needs are growing beyond compliance. IDC sees regulatory compliance as the leading driver of IAM market revenue in 2006 and one expects this to continue in 2007. IDC anticipates the overall IAM software market to exceed $4 billion in revenue by 2009.

Tags: Security Management