-
PCI compliance UK: The future of European merchant PCI compliance
This PCI DSS UK compliance guide offers advice on how to achieve merchant PCI compliance with expert advice and real-world case studies. Learning Guide
-
Data Protection Act: UK information to avoid DPA fines
Data Protection Act information that explains exactly what you need to do in order to be compliant can be hard to come by. This mini learning guide offers tips and expert advice on how to avoid Data Protection Act fines. Learning Guide
-
Make PCI DSS compliance easier by reducing scope, outsourcing data
Many organisations are still struggling with PCI DSS compliance. But there are some ways to ease the burden introduced by PCI DSS. Find out how some experts recommend making PCI DSS compliance easier. Feature
-
Quiz: PCI DSS compliance -- Two years later
A five-question multiple-choice quiz to test your understanding of the content presented by expert Diana Kelley in this lesson of SearchSecurity.com's Compliance School. Quiz
-
PCI DSS Requirement 10: Track and monitor network access
Many organizations have disparate networks and must manually track each system's log files in order to comply with PCI DSS. Individually sifting through system logs can be a major drain on IT, especially when the cause of a compromise needs to be det... Learning Guide
-
PCI DSS Requirement 3: Protecting stored data
One of the biggest problems with PCI DSS requirement 3 is that merchants must accurately know where credit card data flows from its inception, where it traverses the network and resides, and what its "state" is along the way. Craig Norris explains ho... Learning Guide
-
PCI DSS Requirement 1: Install and maintain a firewall configuration
Simply installing a firewall on the network perimeter won't necessarily get you past PCI DSS Requirement 1. In this guide, Craig Norris explains the extra work that needs to be done. Learning Guide
-
PCI DSS Requirement 8: Assign unique user IDs to those with access
To pass a PCI compliance audit, organizations need to be capable of verifying who is attempting access to an asset. They also must control what employees are permitted to see or modify, and do so based on their organizational role. In this PCI surviv... Learning Guide
-
PCI DSS Requirement 11: Regularly test security systems and processes
Craig Norris explains why internal and external network scans are necessary to complete Requirement 11 of the PCI Data Security Standard, one that frequently baffles security professionals. Learning Guide
-
Quiz: Must-have compliance technologies
A five-question multiple-choice quiz to test your understanding of the content presented by expert Trent Henry in this lesson of SearchSecurity.com's Compliance School. Quiz
-
European Commission data protection proposals draw hostile reaction
Reaction to the European Commission data protection proposals has been largely negative, as many believe the new rules are costly and misdirected. News | 26 Jan 2012
-
Emerging 2012 security trends demand information security policy changes
2012 security trends involving cookies, fines, devices and threats will demand more skills -- and a little finesse -- from security professionals. News | 29 Dec 2011
-
ICO stands by unpopular UK cookie legislation with advice, warnings
Website owners have resisted compliance with cookie legislation so the ICO has issued more guidance and warnings to nudge them along. News | 21 Dec 2011
-
Tougher data protection rules will push up cost of email marketing
The EU will announce tougher rules for collecting information from consumers. Security pros can plan now for the new rules, expected in January 2012. News | 17 Nov 2011
-
PCI DSS implementation can boost entire data security program
Not just for payment card data, a PCI DSS implementation can be applied to all data, underpinning an organization’s overall data security efforts. News | 24 Oct 2011
-
Private companies can expect more ICO fines, regulator warns
A regulator warned private companies who do not adequately protect data will face ICO fines up to £500,000. News | 20 Oct 2011
-
UK banks bracing for new financial services regulations compliance
A research director for Gartner lists the top five financial services regulations that UK banks will have to deal with in the coming years. News | 03 Oct 2011
-
E-discovery laws: Having an information governance framework matters
A recent increase in privacy litigation proves that UK companies, too, need e-discovery and data governance plans. News | 29 Sep 2011
-
ICO approves policy changes after Google Street View privacy issues
The ICO has approved updates to Google's Street View policies following a data compromise last year, but asserts there's room for improvement. News | 20 Aug 2011
-
Gartner: Corporate privacy policy requirements demand urgent review
The research firm says corporate privacy policy requirements are outdated, due to new technology and legislation, and should be revisited now. News | 11 Aug 2011
-
How to apply PCI DSS guidance to virtualisation technology
Learn how to apply best practices from the recently released PCI DSS virtualisation guidance to your virtual environment. Tip
-
Maintaining a third-party security policy for DPA compliance
Prevent data breaches and possible brand damage by vetting and checking up on third parties' security processes. Tip
-
Employee monitoring policy to avoid breaking employee monitoring laws
Both the DPA and Human Rights Act include employee monitoring. Learn how to preserve employee privacy, while still keeping an eye out. Tip
-
How UK security laws and European privacy laws impact businesses
Given the multitude of security and privacy laws within the EU, knowing which ones have bearing on your business can be confusing. Tip
-
To avoid cloud computing legal issues, consider these three domains
Attorney Stewart Room discusses three critical focus areas that will help organizations avoid cloud computing legal issues and SLA conflicts. Tip
-
Internal security audit: The importance of security system assessment
Internal security audits can help keep compliance programs on track, as well as reduce the stress of formal audits. Tip
-
How to use a QSA assessment to secure a cardholder data environment
Read Mathieu Gorge’s top five tips to prepare for a PCI QSA assessment, and learn how that preparation enables a secure cardholder data environment. Tip
-
DPA compliance not a black and white process
For DPA compliance, a ‘tick-box’ approach is not an option. Therefore, the trick is simply to keep out of trouble and avoid obvious negligence. Alan Calder explains how. Tip
-
Information awareness training: Data Protection Act policy template
To comply with the DPA fully, an organisation's users must know what they can and cannot do under the DPA stipulations. Learn what to include in employee awareness training with this checklist. Tip
-
Employee information awareness training: PCI policy templates
To comply with PCI DSS -- and keep cardholder data secure -- organisations must train their employees on data handling best practices. This tip explains how. Tip
-
How to meet the PCI DSS compliance deadline on an IT security budget
Learn how to meet the upcoming PCI DSS compliance deadline while sticking to an IT security budget by leveraging existing security infrastructure in this response from expert Mathieu Gorge. Ask the Expert
-
PCI PTS: Understanding PCI PIN security requirements
What is PTS, and how does it relate to PCI DSS? In this expert response, learn about the differences between PCI DSS, PA DSS and PTS, as well as recent updates to PCI PTS requirements. Ask the Expert
-
How to manage logs
Neil O'Connor reviews when you should be hanging on to your network logs. Ask the Expert
-
Payment card industry compliance: Protect phoned-in credit card data
Mathieu Gorge explains how to protect credit card data over the phone if you're a call centre trying to meet payment card industry compliance standards. Ask the Expert
-
What are best practices for credit cards in a call centre?
Expert Alan Calder explains the security and compliance challenges for call centres that record telephone conversations and credit card details. Ask the Expert
-
How to comply with the Data Protection Act of 1998
Alan Calder explains the basic requirements of the U.K. Data Protection Act of 1998. He highlights how to comply with the Data Protection Act and discusses the regulation's guidelines and basic requirements. Ask the Expert
-
Are there any references that discuss the cost of PCI DSS compliance?
Security expert Mike Rothman discusses the expenses related to complying with PCI DSS. Ask the Expert
-
What is the best way to comply with PCI DSS requirements 9 and 10?
Security management expert Mike Rothman unveils how corporations can get compliant with PCI DSS guidelines, specifically requirements 9 and 10. Ask the Expert
-
Protecting consumer data with a fraud and risk assessment policy
In this Q&A, Mike Rothman discusses the risk assessment policies that merchants should practice when handling consumer bank cards. Ask the Expert
-
Is encrypting cookies a PCI DSS requirement?
Security management expert Mike Rothman discusses whether or not storing sensitive information in the form of a cookie is considered a violation of PCI DSS. Ask the Expert
-
National Health Service (NHS)
The National Health Service (NHS) is the publicly funded national healthcare system in the United Kingdom. Definition
-
Good Practice Guide 13
Good Practice Guide 13 defines requirements for protective security monitoring that local authorities must comply with in order to prevent accidental or malicious data loss. Word
-
UK Government Connect Secure Extranet (GCSX)
The UK Government Connect Secure Extranet (GCSX) is a secure WAN that allows officials at local public-sector organisations to interact and share data privately and securely with central government departments. Word
-
Information Assurance Standard 6 (IAS 6)
The Information Assurance Standard 6 (IAS 6) is legislation enacted by the British government in May 2009 as part of its Security Policy Framework (SPF). SPF is a response to government data breaches uncovered in the government's Data Handling Review... Word
-
IFRS (International Financial Reporting Standards)
IFRS (International Financial Reporting Standards) is a set of accounting standards developed by an independent, not-for-profit organization called the International Accounting Standards Board (IASB). Word
-
Code of Connection (CoCo)
In the U.K., the Code of Connection (CoCo) is a mandatory set of requirements that must be demonstrated before local authorities in England and Wales can connect to the Government Secure Intranet (GSI). Word
-
UK Identity Cards Act
The UK Identity Cards Act is a framework of enabling legislation for a British National Identity card passed in 2006. The Act has not yet gone into full-scale development or deployment... (Continued) Word
-
Basel II
Basel II is an international business standard that requires financial institutions to have enough cash reserves to cover risks incurred by operations. (Continued...) Word
-
Financial Services Authority (FSA)
The FSA (Financial Services Authority) is an independent, non-governmental body that regulates the financial services industry in the UK, including most financial services markets, exchanges and firms... (Continued) Word
-
EU Data Protection Directive (Directive 95/46/EC)
EU Data Protection Directive (also known as Directive 95/46/EC) is a directive adopted by the European Union designed to protect the privacy and protection of all personal data collected for or about citizens of the EU, especially as it relates to pr... Word
-
Data Protection Act compliance: Effective data protection?
Recently, a lot of attention has been paid to the Data Protection Act, but how useful is it, really? In this interview, Paul Simmonds, member of the board of management of the Jericho Forum, discusses why the DPA is capable of keeping data safe. Video
-
Building a framework-based compliance program
Richard Mackey of SystemExperts offers expert advice on how to construct a framework that can help enterprises identify their compliance needs. Video
-
European Commission data protection proposals draw hostile reaction
Reaction to the European Commission data protection proposals has been largely negative, as many believe the new rules are costly and misdirected. News
-
Emerging 2012 security trends demand information security policy changes
2012 security trends involving cookies, fines, devices and threats will demand more skills -- and a little finesse -- from security professionals. News
-
ICO stands by unpopular UK cookie legislation with advice, warnings
Website owners have resisted compliance with cookie legislation so the ICO has issued more guidance and warnings to nudge them along. News
-
IT in Europe, Security Edition: Data security cloud computing outlook
Despite worries about data security, cloud computing is spreading across UK enterprises, making heroes of many IT staff. Learning Guide
-
Tougher data protection rules will push up cost of email marketing
The EU will announce tougher rules for collecting information from consumers. Security pros can plan now for the new rules, expected in January 2012. News
-
PCI DSS implementation can boost entire data security program
Not just for payment card data, a PCI DSS implementation can be applied to all data, underpinning an organization’s overall data security efforts. News
About Compliance Regulation and Standard Requirements
Achieve compliance with regulation and standard requirements such as PCI DSS and HIPAA. Get advice and information on regulatory compliance training and compliance requirements and programs.