Royal Holloway 2012: Designing a secure contactless payment system
In his Royal Holloway thesis, Albert Attard proposes a contactless payment system to make card-not-present credit card transactions more secure. Feature
-
Royal Holloway 2012: PCI compliance, cloud computing are a costly pair
It is possible to achieve PCI DSS compliance in a cloud environment, but it may not be cost-effective, as explained in this Royal Holloway article. Feature
-
Infosecurity 2012 Europe: Conference news and highlights
Get the latest news and important research from the Infosecurity 2012 Europe conference, including coverage on security threats and data breaches. Guide
-
Privacy and electronic communications regulations: Guide to EU cookie compliance
Get advice for implementing PECR regulations requiring website owners to request users’ permission to place a tracking cookie. Guide
-
IT in Europe, Security Edition: Data security cloud computing outlook
Despite worries about data security, cloud computing is spreading across UK enterprises, making heroes of many IT staff. Magazine
-
IT in Europe, Security Edition: Data Protection Act compliance
DPA compliance grows more challenging in an age of cheap cloud computing, sexy smartphones and personal threats faced by security professionals. Magazine
-
IT security awareness training tutorial: Employee compliance education
Learn best practices for employee awareness training — an essential aspect of compliance, as well as overall security — in this tutorial. Tutorial
-
Patient confidentiality policy for UK electronic health records
While electronic health records could provide valuable information in an emergency, they present patient confidentiality concerns. This Royal Holloway thesis examines the issue. Feature
-
InfoSecurity Europe 2011 coverage
Get the latest news and updates from the 2011 InfoSecurity Europe conference. Feature
-
How to approach Good Practice Guide 13 (GPG13) for CoCo compliance
Though mandatory for CoCo compliance, Good Practice Guide 13's protective monitoring controls are seldom implemented by organisations. Learning Guide
-
ICO fines Welsh health board £70,000 for patient record loss
For the first time, the ICO fines an NHS organisation for sending patient data to the wrong person. News | 11 May 2012
-
Infosecurity 2012: ICO opposes mandatory data breach notification
Information Commissioner Christopher Graham calls mandatory breach disclosure for all companies unnecessary, saying voluntary disclosure is working. News | 26 Apr 2012
-
PCI assessor and CISO: Work together for the best PCI ROC
In a session at the SOURCE Boston conference, a PCI assessor and a CISO explain that there are ways to arrive at a report on compliance they can both appreciate. News | 19 Apr 2012
-
Experts differ on European ‘cookie law’ advice
U.S. firms with European customers are wondering about the new “cookie law.” Experts have different advice for European cookie law compliance. News | 19 Apr 2012
-
Prepare now for more stringent U.S. data privacy laws
U.S. data privacy laws will soon become more pervasive and more strictly enforced. Security teams should prepare their organizations for the new rules. News | 05 Apr 2012
-
SIEM deployment case study shows patience is required
Williams Lea’s SIEM is already helping reduce manual log reviews. But there’s still a lot of work to be done before the SIEM can be fully deployed. News | 30 Mar 2012
-
For website owners, UK cookie law causing confusion, uncertainty
A survey of digital marketing professionals found some companies plan to take no action to comply with UK cookie law before the May 26 deadline. News | 27 Mar 2012
-
Costs of a data breach falling, but cost per record rising
The cost of a data breach in the UK is falling, data from Ponemon Institute shows, but the news isn't all good. News | 26 Mar 2012
-
It's so easy to breach the Data Protection Act
The latest case to appear on the website of the Information Commissioner's Office (ICO) shows just how easy it can be to break the law. News | 13 Mar 2012
-
Changes to European privacy laws foreshadow serious business impact
Changes to the data protection regulations are on the way for the European Union, and the fallout in Europe serves as a good case study for U.S. businesses. News | 08 Mar 2012
-
The new EU data protection regulation: Planning for compliance
The new data protection rule will impact businesses worldwide. Discover quick wins for SMBs and projects for large businesses to move to compliance. Tip
-
Prep and test your Olympics 2012 security contingency plans
To maintain information security during the 2012 Olympics, security and IT contingency plans must be tested in several key areas. Tip
-
International computer crime requires an international response
As international computer crime increases in scope and organisation, countries must work together to reduce threats from global cybercrime. Opinion
-
A compliance strategy for the controversial cookie opt-in regulation
Businesses face many concerns with the PECR cookie law. Compliance expert Alan Calder offers a compliance strategy for the cookie opt-in regulation. Tip
-
Four steps to comply with PECR, ICO cookies regulations
To comply with ICO regulations, you’ll need to clean up website cookies and prepare pop-up permission requests. Alan Calder explains how. Tip
-
How to audit cookies for compliance with PECR regulations
Concerned about the PECR regulations for website tracking cookies? Learn how to audit cookies on your site to find out if you are in compliance. Tip
-
How to apply PCI DSS guidance to virtualisation technology
Learn how to apply best practices from the recently released PCI DSS virtualisation guidance to your virtual environment. Tip
-
Maintaining a third-party security policy for DPA compliance
Prevent data breaches and possible brand damage by vetting and checking up on third parties' security processes. Tip
-
Employee monitoring policy to avoid breaking employee monitoring laws
Both the DPA and Human Rights Act include employee monitoring. Learn how to preserve employee privacy, while still keeping an eye out. Tip
-
How UK security laws and European privacy laws impact businesses
Given the multitude of security and privacy laws within the EU, knowing which ones have bearing on your business can be confusing. Tip
-
EU cookie regulations: Advice for firms in the US and other countries
Expert Alan Calder responds to a reader’s question: Must companies outside the EU change their websites to comply with EU cookie regulations? Answer
-
How to meet the PCI DSS compliance deadline on an IT security budget
Learn how to meet the upcoming PCI DSS compliance deadline while sticking to an IT security budget by leveraging existing security infrastructure in this response from expert Mathieu Gorge. Ask the Expert
-
PCI PTS: Understanding PCI PIN security requirements
What is PTS, and how does it relate to PCI DSS? In this expert response, learn about the differences between PCI DSS, PA DSS and PTS, as well as recent updates to PCI PTS requirements. Ask the Expert
-
How to manage logs
Neil O'Connor reviews when you should be hanging on to your network logs. Ask the Expert
-
Payment card industry compliance: Protect phoned-in credit card data
Mathieu Gorge explains how to protect credit card data over the phone if you're a call centre trying to meet payment card industry compliance standards. Ask the Expert
-
What are best practices for credit cards in a call centre?
Expert Alan Calder explains the security and compliance challenges for call centres that record telephone conversations and credit card details. Ask the Expert
-
How to comply with the Data Protection Act of 1998
Alan Calder explains the basic requirements of the U.K. Data Protection Act of 1998. He highlights how to comply with the Data Protection Act and discusses the regulation's guidelines and basic requirements. Ask the Expert
-
Are there any references that discuss the cost of PCI DSS compliance?
Security expert Mike Rothman discusses the expenses related to complying with PCI DSS. Ask the Expert
-
What is the best way to comply with PCI DSS requirements 9 and 10?
Security management expert Mike Rothman unveils how corporations can get compliant with PCI DSS guidelines, specifically requirements 9 and 10. Ask the Expert
-
Protecting consumer data with a fraud and risk assessment policy
In this Q&A, Mike Rothman discusses the risk assessment policies that merchants should practice when handling consumer bank cards. Ask the Expert
-
Privacy and Electronic Communications Regulations (PECR)
The Privacy and Electronic Communications Regulations (PECR) are the UK implementation of the European Union (EU) e-Privacy Directive. Definition
-
British Standards Institution (BSI)
The British Standards Institution (BSI) is a service organization that produces standards across a wide variety of industry sectors. Definition
-
National Health Service (NHS)
The National Health Service (NHS) is the publicly funded national healthcare system in the United Kingdom. Definition
-
IFRS (International Financial Reporting Standards)
IFRS (International Financial Reporting Standards) is a set of accounting standards developed by an independent, not-for-profit organization called the International Accounting Standards Board (IASB). Definition
-
Good Practice Guide 13
Good Practice Guide 13 defines requirements for protective security monitoring that local authorities must comply with in order to prevent accidental or malicious data loss. Definition
-
UK Government Connect Secure Extranet (GCSX)
The UK Government Connect Secure Extranet (GCSX) is a secure WAN that allows officials at local public-sector organisations to interact and share data privately and securely with central government departments. Definition
-
Information Assurance Standard 6 (IAS 6)
The Information Assurance Standard 6 (IAS 6) is a standard issued by the British government in May 2009 as part of its Security Policy Framework (SPF). SPF is a response to government data breaches uncovered in the government's Data Handling Revie... Definition
-
Code of Connection (CoCo)
In the U.K., the Code of Connection (CoCo) is a mandatory set of requirements that must be demonstrated before local authorities in England and Wales can connect to the Government Secure Intranet (GSI). Definition
-
Financial Services Authority (FSA)
The FSA (Financial Services Authority) is an independent, non-governmental body that regulates the financial services industry in the UK, including most financial services markets, exchanges and firms. Definition
-
Basel II
Basel II is an international business standard that requires financial institutions to hold enough capital reserves to cover the risks incurred by their operations. Definition
-
Survey roundup: Trends in IT security topics
Surveys on a variety of IT security topics highlighted key trends in Web application vulnerabilities, cloud computing concerns and the motivations behind attacks. Photo Story
-
Data Protection Act compliance: Effective data protection?
Recently, a lot of attention has been paid to the Data Protection Act, but how useful is it, really? In this interview, Paul Simmonds, member of the board of management of the Jericho Forum, discusses why the DPA is capable of keeping data safe. Video
-
Building a framework-based compliance program
Richard Mackey of SystemExperts offers expert advice on how to construct a framework that can help enterprises identify their compliance needs. Video
About Compliance Regulation and Standard Requirements
Achieve compliance with regulation and standard requirements such as PCI DSS and HIPAA. Get advice and information on regulatory compliance training and compliance requirements and programs.