Archive for the ‘Compliance Issues’ Category

Massachusetts extends compliance deadline on new data-encryption rules

Friday, November 28th, 2008

Companies that have to comply with tough new regulations mandating the use of encryption and other security controls for protecting the personal data of Massachusetts residents are being given more time to do so.

Last Friday, the state’s Office of Consumer Affairs and Business Regulation (OCABR) extended the compliance deadline from Jan. 1 to May 1. In its announcement, the OCABR said the extension was prompted by current economic conditions and is designed to give more flexibility to companies that may be experiencing financial difficulties. More information: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security_hardware_and_software&articleId=9121018&taxonomyId=145&intsrc=kc_top

Achieve compliance easily with LogManager: http://www.exaprotect.com/products/logmanager/

Security survey finds increase in security standards adoption

Wednesday, November 5th, 2008

Interestingly, 50% of the respondents said organizational awareness was the most significant challenge to information security initiatives, edging out availability of resources, budget and addressing new threats and vulnerabilities. While the survey didn’t specifically address training or awareness programs, only 19% of the respondents said they ran social engineering tests, while Internet and infrastructure testing is also common practice at 85% and 73% respectively. While E&Y says regulatory compliance has been the leading driver for information security since 2005, it reports that protecting reputation and brand has become a significant driver as well… Read the whole story: http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1337260,00.html

PCI is about eliminating data, not securing it, former QSA says

Thursday, September 18th, 2008

BOSTON — Forrester analyst John Kindervag says he’s sick of hearing people whine about the payment card industry data security standard (PCI-DSS). A former qualified security assessor (QSA), Kindervag said companies often drag out compliance issues instead of dealing with them head-on.

Read the whole story: http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1329845,00.html

See how LogManager makes compliance easy: download the PCI Solution Sheet for free at http://www.exaprotect.com/resources/

SOX and the General Control Environment

Thursday, July 17th, 2008

Good corporate governance depends on the effective management of internal controls and on the availability, confidentiality and integrity of information. Corporate reputation, brand preservation and financial results all depend on the defence of business processes and on compliance with a growing array of legislation and regulation. For companies listed on US exchanges, the Sarbanes-Oxley Act of 2002 (‘SOX’) is of overriding importance and information security has a crucial role to play in achieving compliance.

SOX - Changing Compliance Requirements

Wednesday, January 16th, 2008

Section 404 of Sarbanes-Oxley requires the CEO and CFO of US-listed companies each year to certify the adequacy of the company’s internal control over financial reporting, and for this certification to be attested by an independent accountant.

In December 2006, the US Securities and Exchange Commission (SEC) and the Public Company Accounting Oversight Board (PCAOB) announced a series of changes to the requirements of Section 404. In the same month the PCAOB also proposed a new auditing standard for those Section 404 audits that focus upon the internal control over financial reporting, with the objective of reducing the burdens and costs imposed by the original reporting requirements. This proposal was adopted and, in May 2007, the PCAOB replaced its Auditing Standard No 2 with what is known as AS 5, An Audit of Internal Control over Financial Reporting that is Integrated with an Audit of Financial Statements.


SOX and the General Control Environment

Monday, October 29th, 2007

Good corporate governance depends on the effective management of internal controls and on the availability, confidentiality and integrity of information. Corporate reputation, brand preservation and financial results all depend on the defence of business processes and on compliance with a growing array of legislation and regulation. For companies listed on US exchanges, the Sarbanes-Oxley Act of 2002 (‘SOX’) is of overriding importance and information security has a crucial role to play in achieving compliance.

Information security and SOX

SOX was passed to ensure that executives are held responsible for establishing, evaluating and monitoring the effectiveness of internal controls over their financial reporting. To ensure compliance, SOX legislation contains provisions that include both criminal and civil penalties for any violations.


PCI Spotlight

Monday, June 11th, 2007

Time is running out for organizations that handle credit card payments to make their systems PCI compliant. In less than two months, the Payment Card Industry (PCI) Security Standards Council, which represents credit card companies, will bring the PCI Data Security Standard (DSS) into force to help safeguard customer data. But there are fears that many businesses, particularly smaller retailers, government departments and utility companies, will not be ready in time and could face fines.



