-
This is part of a blog series. For more details, start with the intro. Manage risk appropriately, not compliance. If it was all about compliance, we wouldn’t be hearing about the constant data breaches supposedly PCI compliant organisations keep being subjected to. Sure, if there are compliance...
Posted to Security Web by Ian Yip on Sep 3, 2012
Filed under: PCI DSS, Compliance, Risk Management, IT Security, Risk, Information Security, Audits, Ian Yip, Trust, Security Web
-
If you’re like me, you’re confused about the current state of the IT job market. A quick Internet search yields conflicting and discouraging headlines, such as: “IT Job Market Sees Improvement in 2012” “IT Job Market Shows Signs of Stagnation” “Companies Suffer...
Posted to Security Web by Renee Bradshaw on Aug 15, 2012
Filed under: IT process automation, PCI DSS, SCAP, PCI Standards Council, Compliance, Policy Management, Secure Configuration Manager, HIPAA, PCI, Risk Management, PCI Standard, PA-DSS, Regulations, HIPPA: NERC CIP, SOX, NERC CIP, NERC, Standards, HITECH, regulation, PCI-DSS, IT Security, Standard of Good Practice, LinkedIn, Personally Identifiable Information, IT Budget, Security Certifications, IT Audit, Auditors, Security Management, Audit, Renee Bradshaw, Requirements, Audits, Automation, SIEM, Sentinel, Change Guardian, Audit Reporting, Sentinel 7, mandates, Mandate, Compliance Automation, Security Web
-
A few weeks ago, as I was deleting bogus emails from a few friends whose accounts had been hacked and working with my bank to replace a credit card, I began reflecting on security and compliance over the past year and comparing that to trends I see coming. Having spent a good portion of my career in...
Posted to Security Web by Michael Colson on Aug 9, 2012
Filed under: Security, Data Breach, PCI DSS, Compliance, Verizon Breach Report, regulation, Information Security, Audit, Mike Colson, hacker, password policy, corporate risk, Mandate, Michael Colson, Security Web
-
Cloud architectures aren’t secure. That’s one takeaway I got from Bob Violino's piece for Computerworld: "Cloud SWAT teams". It outlines a security incident response approach we recommend on a regular basis, in fact you'll find us saying the same thing to Computerworld...
Posted to Security Web by RichardWhitehead on Jan 9, 2012
Filed under: PCI DSS, NetIQ, Cloud Computing, Compliance, Computerworld, HIPAA, cloud security, SOX, Identity Theft, Public Cloud, Sony, Novell, Harris Interactive, Bob Violino, Amazon Web Services, Cloud Security Services, Access Management, RichardWhitehead, Security Web
-
On June 30th we hosted along with leading online resource for information security professionals, Dark Reading, the webcast The Zero Trust Model: Putting Data Protection First with guest speaker John Kindervag, Senior Analyst at Forrester Research, Inc. and Renee Bradshaw, Senior Product Marketing...
Posted to Security Web by David Shephard on Jul 6, 2011
Filed under: Security, Forrester Research, PCI DSS, NetIQ, SC Magazine, RSA, Verizon Breach Report, John Kindervag, Cloud, SaaS, PaaS, CISO, Log Files, Breach, Sony, Social Engineering, Identity Management, Zero Trust, NAV, IT, trusted, Trusted Users, Networks, Dark Reading, SIM, log data, Wireshark, Interfaces, data centric, PlayStation Network, SIEM, Cox Communications, Multitenancy, IaaS, Security as a Service, David Shephard, Security Web
-
Access governance is quickly emerging as a must-have capability for organizations that are required to comply with a growing list of industry and government regulations. In fact, several regulations - including PCI-DSS, Sarbanes-Oxley, HIPAA, HITECH, NERC and others - require organizations to continually...
Posted to Security Web by Chase Jones on Jun 21, 2011
Filed under: PCI DSS, NetIQ, Compliance, HIPAA, Risk Management, NERC CIP, WikiLeaks, Burton Group, Julian Assange, Sarbanes-Oxley, Access Certification, Bradley Manning, Novell, Soxs, IdM, Identity Management, Chase Jones, Security Web
-
Today, organizations like yours are under tremendous pressure to meet multiple compliance directives around regulatory and industry mandates (like PCI DSS, HIPAA/HITECH, NERC CIP, SOX, ISO, CobiT, FISMA and GLB, among others), all while maintaining a secure environment, in complete alignment with...
Posted to Security Web by Renee Bradshaw on Apr 18, 2011
Filed under: Security, PCI DSS, Compliance, Heartland, HIPAA, SOX, NERC CIP, ISO 27000, COBIT, Breach, Mike Chapple, Institute of Electrical and Electronics Engineers, IT Audit, FISMA, IEEE, T.J. Maxx, CitySights NY, GLB, Notre Dame, Renee Bradshaw, Security Web
-
During a recent webinar, Combat Insider Threat: Proven Strategies from CERT, I polled the following question to attendees: How do you detect unmanaged changes to critical system files? We wanted to understand how the attendees' organizations were monitoring and responding to unmanaged changes by privileged...
Posted to Security Web by Renee Bradshaw on Mar 8, 2011
Filed under: Data Breach, PCI DSS, File Integrity Monitoring, FIM, CERT, insider threat, Priviledged User, Unmanaged Change, Log Files, Logs, SOC, Renee Bradshaw, Security Web
-
Here we are in November and our first of eight events is already underway in Herndon, Virginia... Nov 2-4, 2010, Herndon, VA: This Secure Configuration Manager Essentials lecture/lab-style, three-day course will help you understand, deploy and successfully use NetIQ Secure Configuration Manager. Designed...
Posted to NetIQ Blog by David Shephard on Nov 3, 2010
Filed under: IT Process Automation, ITPA, AppManager, Secure Configuration Manager, Active Directory, PCI DSS, Directory and Resource Administrator, Exchange Administrator, DRA, Abu Dhabi, Milan, Partner Community Council, itSMF, PCC EMEA, Porto, NetIQ, ItSMF Italia, Events, PCI Abu Dhabi, Avaya, November, Security Benchmark, David Shephard, Frost & Sullivan, Drop
-
Here in Houston we are in the midst of hurricane season. Which, while I compiled this blog post guide to NetIQ's upcoming conferences, webcasts, gatherings and training events (where you can catch up with us and learn more about our solutions) leaves me wondering whether there is an opportunity to...
Posted to NetIQ Blog by David Shephard on Sep 28, 2010
Filed under: IT Process Automation, AppManager, Houston, Training, Security Manager, Staines, Risk, NERC, Monaco, Active Directory, CIO, PCI DSS, ISACA, SOX, HIPPA, Directory and Resource Administrator, CISO, Exchange Administrator, ExA, Les Assises, IT-SA, DRA, Course, Australia, Munich, Nuremburg, RSA Conference, David Shephard, Drop
-
As I discussed in my last post, the Verizon RISK Team 2010 Data Breach Investigations Report ties poor rates of compliance with PCI DSS to data breaches. Specifically, 79% of the organizations that suffered breaches and were subject to PCI DSS were not in compliance as of their last assessment. The...
Posted to Security Web by Todd Tucker on Aug 23, 2010
Filed under: PCI DSS, Compliance, File Integrity Monitoring, FIM, Verizon RISK Team, Data Breach Report, AntiVirus, physical compromise, malware, hacking, Todd Tucker, Security Web
-
I finally had the time to read the Verizon RISK Team 2010 Data Breach Investigations Report, which was published a few weeks ago. I had found last year’s report very insightful, as it provides a detailed analysis of their investigations of hundreds of data breaches over the past several years...
Posted to Security Web by Todd Tucker on Aug 10, 2010
Filed under: PCI DSS, Credit Card Data, HIPAA, Verizon Breach Report, Database Activity Monitoring, NERC, compromised records, Verizon RISK Team, Data Breach Report, HITECH, Todd Tucker, Security Web
-
It’s the beginning of June in Houston, Texas (where NetIQ is headquartered) and it’s starting to get HOT! But, we’ve recently had some exciting news from the good folks at SC Magazine regarding NetIQ Secure Configuration Manager, our compliance assessment, reporting, and remediation...
Posted to Security Web by Renee Bradshaw on Jun 7, 2010
Filed under: PCI DSS, SC Magazine, Compliance, Secure Configuration Manager, HIPAA, PCI, FDCC, PCI Standard, SOX, NERC CIP, NERC, TechEd, Renee Bradshaw, Security Web
-
For a long time, security teams have been forced to play catch-up to a bewildering number of threats, and an equally bewildering number of technical responses. I recently wrote an article for InfoSecurity Magazine addressing where I think this has left the security industry - swamped with too many things...
Posted to Security Web by Geoff Webb on Apr 9, 2010
Filed under: Forrester Research, Data Breach, PCI DSS, Geoff Webb, Compliance, Data Protection, Data Security, John Kindervag, File Integrity Monitoring, FIM, Security Web
-
Next week I'm one of the presenters for the SC Magazine PCI eConference which should be interesting. I'll be talking (and hopefully answering questions on) the subject of how to use what you're already doing to get PCI compliant to actually help (shock horror) make you more secure. Yes, it's...