Payment Card Industry Standards Updated

Excerpted from SANS NewsBites (see www.sans.org to subscribe): Credit Card Companies Update PCI (8 September 2006). The five major credit card companies, American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International, have formed the Payment Card Industry Security Standards Council, marking the first time all have agreed on a common framework for payment…


Reaching Out to Individual Contributors

The most important but sometimes overlooked aspect of regulatory compliance is getting the buy-in of the people who will actually do the work. Getting management buy-in is a fairly simple matter of discussing economics and the negative impact that non-compliance has on the business: ROI, cost-benefit analysis, the impact of losses from fines,…


A Sustainable Spreadsheet Compliance Framework with Excel 2007, Office 2007 and Office SharePoint Server 2007

Spreadsheets are ubiquitous. For many organizations they are a critical resource and essential to business processes. With Office 2007 and Office SharePoint Server 2007 it will be much easier to maintain a sustainable spreadsheet compliance framework. Office 2007 and Office SharePoint Server 2007 will provide some key capabilities that will assist greatly in the…


Auditing Rant!

I am seeing a disturbing trend in the industry and I am going to complain. Over the past few months, I have seen requests for clarity on SOX compliance auditing from IT managers through their contacts at Microsoft. Questions are being posed by these contacts asking for clarification of a particular finding from a SOX…


Break Down Regulatory Compliance Into Manageable Steps

Are your regulatory compliance (RC) policies being followed the way you expect them to be? Helping employees comply may be easier if your RC implementation is broken into manageable steps. JC Cannon provides some excellent advice for breaking down the complexity of RC implementation into steps: determine where to focus your compliance efforts; use procedures that validate compliance; consolidate the…


Microsoft Releases the Regulatory Compliance Planning Guide

Yesterday, Microsoft released the Regulatory Compliance Planning Guide. The guide is available at http://go.microsoft.com/fwlink/?linkid=56114. The Planning Guide shows IT professionals how they can use an IT controls framework to help address IT compliance requirements, and includes a mapping of several significant regulations and standards, including the Sarbanes-Oxley Act (SOX), the Gramm-Leach-Bliley Act (GLBA), and the Health Insurance Portability and Accountability…


The "F" Word

The word is framework, of course. What did you think? It is important that we establish some way of defining the processes we are going to use and where they fit into the overall schema for our enterprise. I am not going to say that you should adopt my framework! I am going to…


Don’t Panic

Addressing the challenges of regulatory compliance is like approaching any other risk: we look at the risk and then develop a plan to mitigate it. Sounds simple, right? Good, because it really is, as long as we know what we need to do. Yes, there are serious consequences for non-compliance, but…


Regulatory Compliance Planning Guide Beta Coming

Just a heads up that Microsoft will soon be making available a beta version of a Regulatory Compliance Planning Guide that my team (Solutions for Security and Compliance) is developing. This guide will help readers understand the types of controls that they need to address for five common regulations and standards. In addition, it will…


Regulatory Compliance and the IT Manager

There are a lot of legislative bodies requiring IT to protect information, for different reasons. It would appear that IT professionals now need to add paralegal to their repertoire as we address some of the new challenges of defending the enterprise from those who would do us harm. This should not actually be…
