Archive - November 2000

Security and Compliance Synergies with DLP and SIEM

Eric Vanderburg

Data Loss Prevention (DLP) helps organizations understand and control the data they use, store and transmit, and it is seeing increasing use in PCI-DSS compliance. Another technology, Security Information and Event Management (SIEM), collects and analyzes data in real time from multiple sources, including server logs, network devices, firewalls and intrusion detection systems. In this article, we enumerate how combining SIEM and DLP can improve the security and compliance of a corporation. Used together, SIEM and DLP make data flow within a corporation transparent, giving the corporation more control over that information and leaving less room for its misuse.


Information Security Compliance: PCI-DSS

Eric Vanderburg

Our last two articles have focused on compliance. Last time we looked at HIPAA and the ramifications of that law for healthcare providers and business associates. Today the spotlight falls on the Payment Card Industry Data Security Standard (PCI-DSS). Following a who, what, how approach, this article first describes the characteristics of entities that would benefit from, or are required to follow, the PCI-DSS standards. It then addresses what the PCI-DSS requirements are and concludes by describing how the compliance process works.


Information Security Compliance: Which regulations relate to me?

Eric Vanderburg

This entry is part of a series of information security compliance articles. In subsequent articles we will discuss the specific regulations and their precise applications at length. These regulations include the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act, the Federal Information Security Management Act of 2002 (FISMA), the Family Educational Rights and Privacy Act (FERPA), the Payment Card Industry Data Security Standard (PCI-DSS), and the Gramm-Leach-Bliley Act (GLBA), among other acts and regulations.

Information security is often feared as an amorphous issue that only the IT department has to deal with. The reality is that companies need to be concerned with information security compliance from top to bottom. Regulations are in place that can help a company improve its information security, while non-compliance can result in severe fines. It can be difficult for a company to understand which laws apply to it and which do not, because different sets of laws apply to different companies.


Reducing privacy and compliance risk with data minimization

Eric Vanderburg

What if I told you that you could reduce risk and costs at the same time? Skeptical? I would be. It sounds like some cheesy marketing ploy chock full of hidden costs, or high upfront costs with low ROI. No, I am not pitching a product or trying to sell you a solution. I am, however, trying to get your attention. I am talking about data minimization.

Companies collect millions of gigabytes of information, all of which has to be stored, maintained and secured. There is a general fear of removing data lest it be needed some day, but this practice is quickly becoming a problem that creates privacy and compliance risk. Some call it "data hoarding," and I am here to help you clean your closet of unnecessary bits and bytes.
