Archive for the ‘Security Compliance’ Category

How companies are prioritizing infosec and compliance

Start-Up Secure: Baking Cybersecurity into Your Company from Founding to Exit


Chief Legal Officers face mounting compliance, privacy and cybersecurity obligations

How are companies’ legal departments changing to meet the needs of their organization and the needs arising from worldwide changes? Organizations face much more regulatory compliance and privacy scrutiny than ever before, and everyone is under a constant threat of cyber breach or attack. Legal plays a critical role in ensuring that all compliance obligations […]


CPRA Compliance

This tool enables you to identify your organization’s CPRA (California Privacy Rights Act) compliance gaps, and helps you plan the steps necessary to achieve ongoing compliance.


5 Updates from PCI SSC That You Need to Know

As payment technologies evolve, so do the requirements for securing cardholder data. Source: Slideshows – Dark Reading. Related: PCI DSS: Looking Ahead to Version 4.0; 3 Primary Goals for PCI DSS Version 4.0; What is PCI DSS? | A Brief Summary of the Standard; How to Achieve PCI DSS Compliance on AWS […]


CCPA – The California Consumer Privacy Act

More detail on site: Steps to CCPA Compliance roadmap; Everything You Need To Know About CCPA 2018.


How to get started with the NIST Cybersecurity Framework (CSF) – Expel

We give you a quick tour of the NIST Cybersecurity Framework and describe how you can baseline your efforts in a couple of hours. So check it out. Source: How to get started with the NIST Cybersecurity Framework (CSF) – Expel. Related: The CyberSecurity Framework Ver 1.1 Preso; Virtual Session: NIST Cybersecurity Framework Explained; CSS2017 Session […]


Risk Management Framework for Information Systems

Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy (NIST 800-37r2). Related: InfoSec Risk Assessment; Compliance Framework.


How to choose the right cybersecurity framework

Does your organization need NIST, CSC, ISO, or FAIR frameworks? Here’s how to start making sense of security frameworks. Source: How to choose the right cybersecurity framework


Data flow mapping under the EU GDPR

As part of an EU General Data Protection Regulation (GDPR) compliance project, organisations will need to map their data and information flows in order to assess their privacy risks. This is also an essential first step for completing a data protection impact assessment (DPIA), which is mandatory for certain types of processing. The key elements of […]


GDPR Documentation Toolkit and gap assessment tool

Data Protection / EU GDPR Toolkits. Use this gap assessment tool to quickly identify your GDPR compliance gaps and to plan and prioritize your GDPR project (EU GDPR Compliance Gap Assessment Tool). Accelerate your GDPR compliance implementation project with the market-leading EU GDPR Documentation Toolkit used by hundreds of organizations worldwide, now with significant improvements […]


EU GDPR: Does my organization need to comply?

By Chloe Biscoe. The General Data Protection Regulation (GDPR) is a new law that will harmonize data protection in the European Union (EU) and will be enforced from May 25, 2018. It aims to protect EU residents from data and privacy breaches, and has been introduced to keep up with the modern digital landscape. Who […]


The TickITplus Kick Start Guide has Been Launched

Following the release late last month of the Base Process Library, the Kick Start Guide – the essential guide for all organisations pursuing TickITplus certification – has been launched. /EIN Presswire/ — Following the release late last month of the Base Process Library, the Kick Start Guide – the essential guide for all organisations […]


The Business Case for Information Security Management System

Today’s economy is about protecting the information assets that are essential to the existence of an organization. After a major incident or a security breach, it is unthinkable to claim it is not going to affect your bottom line. Most organizations have to comply with various standards and regulations, and a breach in a […]


Manager’s Guide to Compliance

Manager’s Guide to Compliance: Sarbanes-Oxley, COSO, ERM, COBIT, IFRS, BASEL II, OMB’s A-123, ASX 10, OECD Principles, Turnbull Guidance, Best Practices, and Case Studies (Manager’s Guide Series) A Wall Street Journal/Harris poll revealed that two thirds of investors express doubts in the ability of corporate boards of directors to provide effective oversight. In the shadow […]


ArcSight offers $49.00 entry-level audit logging package

Security Log Management: Identifying Patterns in the Chaos. ArcSight offers a $49 entry-level logging solution – a monumental change from the SIEM vendors, who had been charging their clients $200K and up. Data security and compliance specialist ArcSight has taken the wraps off a slew of product updates – […]


2010 Compliance Laws

In 2010 there will be two important compliance laws introduced which will affect the majority of North American organizations and many global organizations too. 45 US states followed California when they introduced “SB1386”, the Security Breach Information Act, which has specific and restrictive privacy breach reporting requirements. From the 1st January […]


Audit of security control and scoping

Information Technology Control and Audit. An audit is used as a tool to check compliance with controls defined by standards such as ISO 27002 or NIST 800-53. Other, less rigorous forms of assessment than a formal audit are also used to assess controls: gap analysis, benchmarking and control review. Scoping sets the boundaries of the […]


Vulnerability management and regulatory compliance

Information security requirements are growing for the financial, healthcare and government sectors. In particular, the new ARRA and HITECH provisions for HIPAA mandate compliance for business providers/vendors. Business owners have seen a growing number of government and industry-specific regulations for protecting the confidentiality, integrity and availability of data from ever […]


PCI DSS significance and contractual agreement

The PCI DSS (Payment Card Industry Data Security Standard) was established by the credit card companies to create a unified security standard for handling credit card information. The retail service industry now understands the strategic significance of PCI DSS compliance, which was demonstrated when TJX announced that their system was compromised for more than 17 […]
