Posted in Data Privacy

PCI Group Publishes Self-Assessment Tests

Any retailers still unsure whether their data security standards can pass muster now have a new way to see how safe (or not) customer data really is. The Payment Card Industry Council has published a detailed set of “self-assessment questionnaires” for small and medium-sized retailers, who typically aren’t required to have their data security reviewed […]

Posted in Data Privacy

Take Five: Keys to Identity Management

The field of identity management is enduring a bit of split personality these days. On one hand, business software giants are gobbling up small companies that provide ID management solutions, to cobble together comprehensive offerings compliance and IT departments can tailor to their specific needs. At the same time, the overall need for ID management […]

Posted in Data Privacy

Surviving Data Breaches in the PCI World

At the request of subscribers, Compliance Week offers a Remediation Center, in which readers can submit questions—anonymously—to securities and accounting experts. Compliance Week’s editors will review all questions and then submit them—confidentially, of course—to specialists who can address the issues. The questions and responses will then be reprinted in a future edition of Compliance Week. […]

Posted in Data Privacy

PCI Standard Catches Lawmakers’ Eyes

The credit card industry has been trying to force stronger data privacy rules onto the banking and retail sectors for more than a year. Now state legislatures are getting into the act. A California bill forcing merchants to comply with key elements of the Payment Card Industry Data Security Standard is a governor’s signature away […]

Posted in Data Privacy

The Secret Life of Application Controls

Viruses. Worms. Trojans. Denial-of-service attacks. IT security professionals have long wrestled with these and many other external threats, and a bustling industry has sprung up to fend off the pests. Such risks and others posed by those aiming to compromise corporate IT systems and steal data have garnered nearly all the public attention. And from […]

Posted in Internal Controls

HIPAA Inspections Underscore IT Controls

Until now, the data security provisions of the Health Insurance Portability and Accountability Act received scant attention from regulators, particularly compared to enforcement activity for other federal information security mandates like the Sarbanes-Oxley Act or the Gramm-Leach-Bliley Act. That is beginning to change, as federal regulators complete their first HIPAA security audit and prepare to […]

Posted in Ethics & Culture

Ethics Online: What A Good Internet Policy Looks Like

OK, compliance and ethics directors: what would you do if your e-mail monitoring system uncovered a romantic relationship between two employees? Or what would you do if you discovered an employee was using his office computer to post corporate information—though completely banal—on his personal blog? E-mail and Internet usage—not to mention newer technologies such as blogs […]
