Compliance

News

Security culture begins at the top

By Wayne Chung | 02 February, 2012 11:03 | 6 Comments

What’s the most important factor of a successful security program? Technology such as endpoint protection? Making sure your change management processes and system development life cycle includes consideration of security risks? Strong policies? Not quite.

Creating a cloud SLA from diagnostic data

By Gregory Machler | 05 August, 2011 05:18

As a CSO and CIO you may be wondering why I crafted a diagnostic related to understanding your most critical web products. The original purpose of the diagnostic was to discern which applications and how applications are ported successfully to a service provider's cloud. The diagnostic determines which cloud IaaS products (storage components, network components, and virtualization machines) are needed for an application. It addresses the platform components (server/operating system and web server) in the PaaS layer. Lastly, it focuses on the SaaS software application.

Legal quicksand: Shrink-wrap, click-wrap agreements

By Michael R. Overly | 03 August, 2011 02:25

Shrink-wrap and click-wrap agreements are the fine print you see, among other things, when you click through terms and conditions in accessing an online service (e.g., in connection with a cloud computing service) or as part of the installation of a piece of software.

Queensland Police to audit PCI compliance

By Tim Lohman | 29 June, 2011 11:27

The Queensland Police Service (QPS) is to shortly carry out a series of Payment Card Industry (PCI) compliance assessments and reviews aimed at addressing any deficiencies or gaps in current ICT systems.

PCI Council says mobile payment apps can meet security standard

By Jaikumar Vijayan | 25 June, 2011 02:59

The PCI Security Standards Council has released its long-awaited guidance on how mobile payment acceptance applications can meet PCI standards.

More Compliance news
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Endpoint Encryption

Robust data protection for PCs, smartphones, and removable media

more »

Submit your own security event

Submit your training courses

Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.

Read More
more »