Security Web » All Tags » PCI DSS

10 IT Security Considerations - No.5 Manage Risk
This is part of a blog series. For more details, start with the intro. Manage risk appropriately, not compliance If it was all about compliance, we wouldn’t be hearing about the constant data breaches supposedly PCI compliant organisations keep...
Published Mon, Sep 09 2012 9:29 AM by Ian Yip
Filed under: PCI DSS, Compliance, Risk Management, IT Security, Risk, Information Security, Audits, Ian Yip, Trust, Security Web

Managing Your IT Resources for Continuous Compliance
If you’re like me, you’re confused about the current state of the IT job market. A quick Internet search yields conflicting and discouraging headlines, such as: “IT Job Market Sees Improvement in 2012” “IT Job Market Shows...
Published Wed, Aug 08 2012 8:41 AM by Renee Bradshaw
Filed under: IT process automation, PCI DSS, SCAP, PCI Standards Council, Compliance, Policy Management, Secure Configuration Manager, HIPAA, PCI, Risk Management, PCI Standard, PA-DSS, Regulations, HIPPA: NERC CIP, SOX, NERC CIP, NERC, Standards, HITECH, regulation, PCI-DSS, IT Security, Standard of Good Practice, LinkedIn, Personally Identifiable Information, IT Budget, Security Certifications, IT Audit, Auditors, Security Management, Audit, Renee Bradshaw, Requirements, Audits, Automation, SIEM, Sentinel, Change Guardian, Audit Reporting, Sentinel 7, mandates, Mandate, Compliance Automation, Security Web

Compliance is dead. Long live Compliance!
A few weeks ago, as I was deleting bogus emails from a few friends whose accounts had been hacked and working with my bank to replace a credit card, I began reflecting on security and compliance over the past year and comparing that to trends I see coming...
Published Thu, Aug 08 2012 9:18 AM by Michael Colson
Filed under: Security, Data Breach, PCI DSS, Compliance, Verizon Breach Report, regulation, Information Security, Audit, Mike Colson, hacker, password policy, corporate risk, Mandate, Michael Colson, Security Web

Cloud Security: SWAT Your Worry?
Cloud architectures aren’t secure. That’s one takeaway I got from Bob Violino's piece for Computerworld: "Cloud SWAT teams". It outlines a security incident response approach we recommend on a regular basis, in fact you'll...
Published Mon, Jan 01 2012 11:19 AM by RichardWhitehead
Filed under: PCI DSS, NetIQ, Cloud Computing, Compliance, Computerworld, HIPAA, cloud security, SOX, Identity Theft, Public Cloud, Sony, Novell, Harris Interactive, Bob Violino, Amazon Web Services, Cloud Security Services, Access Management, RichardWhitehead, Security Web

Questions & Answers from The Zero Trust Model - Putting Data Protection First
On June 30th we hosted along with leading online resource for information security professionals, Dark Reading, the webcast The Zero Trust Model: Putting Data Protection First with guest speaker John Kindervag, Senior Analyst at Forrester Research,...
Published Wed, Jul 07 2011 12:55 PM by David Shephard
Filed under: Security, Forrester Research, PCI DSS, NetIQ, SC Magazine, RSA, Verizon Breach Report, John Kindervag, Cloud, SaaS, PaaS, CISO, Log Files, Breach, Sony, Social Engineering, Identity Management, Zero Trust, NAV, IT, trusted, Trusted Users, Networks, Dark Reading, SIM, log data, Wireshark, Interfaces, data centric, PlayStation Network, SIEM, Cox Communications, Multitenancy, IaaS, Security as a Service, David Shephard, Security Web

Access Governance Key to Compliance and Risk Management Efforts
Access governance is quickly emerging as a must-have capability for organizations that are required to comply with a growing list of industry and government regulations. In fact, several regulations - including PCI-DSS, Sarbanes-Oxley, HIPAA, HITECH,...
Published Tue, Jun 06 2011 4:55 PM by Chase Jones
Filed under: PCI DSS, NetIQ, Compliance, HIPAA, Risk Management, NERC CIP, WikiLeaks, Burton Group, Julian Assange, Sarbanes-Oxley, Access Certification, Bradley Manning, Novell, Soxs, IdM, Identity Management, Chase Jones, Security Web

An Insider's Perspective: IT Audits Can Maximize Your Security!
Today, organizations like yours are under tremendous pressure to meet multiple compliance directives around regulatory and industry mandates (like PCI DSS, HIPAA/HITECH, NERC CIP, SOX, ISO, CobiT, FISMA and GLB, among others), all while maintaining...
Published Mon, Apr 04 2011 2:50 PM by Renee Bradshaw
Filed under: Security, PCI DSS, Compliance, Heartland, HIPAA, SOX, NERC CIP, ISO 27000, COBIT, Breach, Mike Chapple, Institute of Electrical and Electronics Engineers, IT Audit, FISMA, IEEE, T.J. Maxx, CitySights NY, GLB, Notre Dame, Renee Bradshaw, Security Web

New Chart: Detecting Unmanaged Changes to Critical System Files
During a recent webinar: Combat Insider Threat: Proven Strategies from CERT; I polled the following question to attendees: How do you detect unmanaged changes to critical system files? We wanted to understand how the attendees' organizations were monitoring...
Published Tue, Mar 03 2011 4:00 PM by Renee Bradshaw
Filed under: Data Breach, PCI DSS, File Integrity Monitoring, FIM, CERT, insider threat, Priviledged User, Unmanaged Change, Log Files, Logs, SOC, Renee Bradshaw, Security Web

Reliance on AntiVirus Software: The Real Failure of PCI DSS
As I discussed in my last post, the Verizon RISK Team 2010 Data Breach Investigations Report ties poor rates of compliance with PCI DSS to data breaches. Specifically, 79% of the organizations that suffered breaches and were subject to PCI DSS were not...
Published Mon, Aug 08 2010 12:49 PM by Todd Tucker
Filed under: PCI DSS, Compliance, File Integrity Monitoring, FIM, Verizon RISK Team, Data Breach Report, AntiVirus, physical compromise, malware, hacking, Todd Tucker, Security Web

Report Ties Abysmal Compliance Stats with Data Breaches...
I finally had the time to read the Verizon RISK Team 2010 Data Breach Investigations Report, which was published a few weeks ago. I had found last year’s report very insightful, as it provides a detailed analysis of their investigations of hundreds...
Published Tue, Aug 08 2010 11:16 AM by Todd Tucker
Filed under: PCI DSS, Credit Card Data, HIPAA, Verizon Breach Report, Database Activity Monitoring, NERC, compromised records, Verizon RISK Team, Data Breach Report, HITECH, Todd Tucker, Security Web

Compliance is “Hot”: And we’re not the only ones who think so!
It’s the beginning of June in Houston, Texas (where NetIQ is headquartered) and it’s starting to get HOT! But, we’ve recently had some exciting news from the good folks at SC Magazine regarding NetIQ Secure Configuration Manager, our...
Published Mon, Jun 06 2010 10:47 AM by Renee Bradshaw
Filed under: PCI DSS, SC Magazine, Compliance, Secure Configuration Manager, HIPAA, PCI, FDCC, PCI Standard, SOX, NERC CIP, NERC, TechEd, Renee Bradshaw, Security Web

Short-term gain, long-term pain, and just a little bit of integrity (for files)
For a long time, security teams have been forced to play catch-up to a bewildering number of threats, and an equally bewildering number of technical responses. I recently wrote an article for InfoSecurity Magazine addressing where I think this has left...
Published Fri, Apr 04 2010 3:56 PM by Geoff Webb
Filed under: Forrester Research, Data Breach, PCI DSS, Geoff Webb, Compliance, Data Protection, Data Security, John Kindervag, File Integrity Monitoring, FIM, Security Web

Preparing for the PCI eConference
Next week I'm one of the presenters for the SC Magazine PCI eConference which should be interesting. I'll be talking (and hopefully answering questions on) the subject of how to use what you're already doing to get PCI compliant to actually...
Published Wed, Mar 03 2010 3:48 PM by Geoff Webb
Filed under: Security, PCI DSS, Geoff Webb, SC Magazine, Compliance, PCI Standard, Security Web

PCI Insight from RSA 2010
I attended the 2010 RSA Conference in San Francisco last week. As expected, one of the major themes resonating throughout the conference keynotes, sessions, and exhibit hall was the opportunity we have as security professionals to help secure increasingly...
Published Fri, Mar 03 2010 10:40 AM by Renee Bradshaw
Filed under: Security, Data Breach, PCI DSS, PCI Standards Council, Compliance, RSA, PCI, RSA Conference, Verizon Breach Report, RSA 2010, PTS, PCI Standard, PA-DSS, Bob Russo, Renee Bradshaw, Security Web

Security 2010: What, me worry?
After my last post on human error, and how it contributes to significant data breaches, I haven’t been able to get the idea out of my head. It should come as no surprise that we have found that companies may have the best security tools and resources...
Published Wed, Feb 02 2010 11:18 AM by Renee Bradshaw
Filed under: Security, Data Breach, PCI DSS, Insider Attack, Ponemon Institute, PCI Standards Council, Compliance, Secure Configuration Manager, Malicious, PCI, computer crime, non-malicious insider, malicious insider, Renee Bradshaw, Security Web