Effective communication between business units is one of the cornerstones of any well-managed business. Unfortunately, when it comes to network security and regulatory compliance, the gulf between technical staff and upper-level management presents a significant hindrance to achieving key goals. The failure of management to properly understand regulatory compliance is one of the main reasons why IT departments are often understaffed or ill-prepared to protect against evolving security threats.
IT professionals are equally complicit in this issue, in part because many struggle to articulate their needs in a way management understands. Breaking out of the insular world of tech and […]
With the risk of security breaches and data theft so high, the Payment Card Industry Data Security Standard (PCI DSS) offers a coordinated effort to protect companies and consumers alike. The PCI DSS comprises 12 high-level requirements and 221 sub-requirements and provides a framework for developing a payment card data security process capable of preventing and detecting data leaks. The PCI DSS covers security domains such as system hardening, physical security, logging, auditing, application security, patching and data encryption.
The regulatory body for PCI — the PCI Security […]
With more businesses moving their data and application storage to the cloud, it makes sense to consider outsourcing digital security as well. Managed security services have been gaining in popularity in recent years — here’s what you need to know to make smart, proactive and forward-thinking decisions when it comes to digital security outsourcing.
Is Security-as-a-Service (SaaS) Right for You?
Threats against your network are constantly evolving. From viruses to denial-of-service attacks, staying on top of potential risks is an ongoing task that demands considerable resources. Outsourcing digital security can have several benefits, particularly for smaller organizations that are struggling to stay […]
It has been more than 10 years since the initial passage of the Sarbanes–Oxley Act of 2002 and, even today, many organizations still struggle to fulfill their auditing and compliance requirements. If not done smartly, meeting your obligations as a publicly traded company can be expensive, time-consuming and ultimately counterproductive for your business goals. It doesn’t have to be that way. The more you know ahead of planning for an audit, the more seamless and effective the process will be. In this article, we attempt to answer the question, “What is SOX compliance,” in the most straightforward, accessible and pragmatic way possible. […]
There’s a strain of conservatism among certain IT professionals — the enthusiasm for all things new and innovative is tempered by skepticism about security challenges and other issues. Part of this is simply the nature of our industry. After all, it’s our job to anticipate risks and develop creative ways to mitigate them. However, this type of caution also leads to the kind of broad thinking and blanket statements that ultimately do little to address individual security challenges on an organizational level. Broad skepticism is particularly prominent when […]
Two-factor authentication has long been considered one of the best ways to prevent fraud and protect sensitive information against intrusion. In March 2015, however, Yahoo generated a lot of press with the introduction of its on-demand password system, supposedly a more convenient, easier-to-use alternative to two-factor authentication that nevertheless provides a high level of protection against threats.
Will Yahoo’s competitors start to adopt similar security on-demand intrusion protection, or will the technology fail to build on its initial promise? Let’s look beyond the hype and take a critical look at the relative merits of on-demand passwords and two-factor authentication. […]