Regulation
Regulatory Resources - EU Specific
Submitted by tintagel on Wed, 2008-02-20 13:05. Regulation
European Union Data Protection Directive (EUDPD)
More to come ...
MS Technet on regulations & standards: http://www.microsoft.com/technet/security/guidance/complianceandpolicies/compliance/rcguide/1-03-00.mspx?mfr=true
Regulatory Resources - USA Specific
Submitted by tintagel on Wed, 2008-02-20 13:02. Regulation
In draft state - populate, organize and format:
GLBA
SOX
FFIEC
OCC
FDIC
NCUA
ITAR
HIPAA
...
ITIL:
http://www.itlibrary.org/
http://www.itil-officialsite.com/home/home.asp
http://www.best-management-practice.com/
http://itsm.fwtk.org/
http://www.networkworld.com/topics/ITIL.html
CobIT:
http://www.isaca.org/cobit/
http://en.wikipedia.org/wiki/COBIT
http://www.cobit.org/
http://www.itmanagersjournal.com/feature/11014
ISO:
http://csrc.nist.gov/publications/secpubs/otherpubs/reviso-faq.pdf
http://en.wikipedia.org/wiki/ISO_17799
Security Practitioners' Forum (monthly meeting) [IT's Role in Regulatory Compliance as a Competitive Advantage]
Submitted by tintagel on Mon, 2006-06-26 18:30. Meetings | Regulation | SPF
The monthly meeting of the Security Practitioners' Forum (Security Users' Group)
- Topic: IT's Role in Regulatory Compliance as a Competitive Advantage
- How the IT shop can provide leadership in regulatory compliance and turn it into a competitive advantage. SOX, GLBA, HIPAA, SB1386 and ISO17799
- Presenter: Charles Rogers
The discussion tonight will be about how IT, Software and Security Professionals can help leverage recent regulations as a competitive advantage.
IRS's Inadequate Security Leaves Taxpayer Data Largely Unprotected
Submitted by tintagel on Sun, 2006-04-23 23:29. Financial Services | Regulation | Vulnerabilities
EPIC (Electronic Privacy Information Center) put the Spotlight on the IRS. They didn't fare so well:
Recently, IRS has come under fire for issues related to individual privacy. Government reports have found that the agency has poor physical and electronic security, and it has had considerable trouble with its contractors improperly accessing and collecting sensitive taxpayer information
Authentication: The Pitfall Of Two Factor Authentication
Submitted by tintagel on Thu, 2006-04-13 22:40. Applied | Financial Services | Regulation | Risk Analysis
Networksec.org have an interesting article about two-factor authentication:
A lot of banks in the US are busy preparing themselves for new federal requirements on two factor authentication for online banking. Everyone seems to be excited about the two factor authentication systems such as the one-time password (OTP), soft and hard tokens. However, it should be noted that two factor authentication is not the "end-all" and "be-all" of authentication solution that will stop phishing and other attacks in their tracks.
Security Practitioners' Forum (monthly meeting) [Regulatory Roundup]
Submitted by tintagel on Mon, 2006-03-27 19:09. Events | Legal | Meetings | Regulation | SPF
The monthly meeting of the Security Practitioners' Forum (Security Users' Group)
- Topic: Regulatory Roundup
- Recent happenings in the land of SOX, GLBA, HIPAA, SB1386 and ISO17799 and why we care as IT, Software and Security Professionals.
- Presenter: Alan Proctor
The discussion tonight will be about recent developments in the field of regulatory compliance and how we as IT, Software and Security professionals are impacted and can show leadership in these traditionally non-IT challenges.
Gramm-Leach-Bliley: No Duty To Encrypt
Submitted by tintagel on Tue, 2006-03-21 00:22. Cryptography | Financial Services | Legal | Politics | Regulation
FindLaw.com have the following story:
"In a legal decision that could have broad implications for financial institutions, a court has ruled recently that a student loan company was not negligent and did not have a duty under the Gramm-Leach-Bliley statute to encrypt a customer database on a laptop computer that fell into the wrong hands."
SecurityFocus.com's Mark Rasch has an excellent article about this decision [PDF].


