The State of Security

IT Compliance

Understanding the Cost of Compliance — Part III

by Cindy Valladares

The True Cost of Compliance report finds that secure organizations have lower non-compliance costs. To measure security, the Ponemon Institute has developed a security effectiveness score. This methodology was developed over the last five years and used in over 40 studies by the Ponemon Institute. This index takes into account 25 best practices that help [...]

Read More

Understanding the True Cost of Compliance Report — Part II

by Cindy Valladares

This is the second blog post in a series aimed at clarifying some of the concepts around The True Cost of Compliance report, conducted by the Ponemon Institute. The first post of this series deals with the difference between compliance and non-compliance. This one is going to focus on understanding the cost framework used in [...]

Read More

PCI DSS Picks Up a Missouri Accent with V2’s 11.5b: “Show Me”

by Cindy Valladares

We all know what PCI 11.5 says, right? At Tripwire it’s almost a corporate anthem: “Deploy file-integrity monitoring tools to alert personnel to unauthorized modification of critical system files, configuration files, or content files…” Ensuring the integrity of files and configurations is essential to IT security in general, and indispensable in protecting the cardholder information [...]

Read More
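The requirement quoted above is the whole of what PCI 11.5 asks for: a baseline of critical files, a periodic comparison against it, and an alert when something changes. The 11.5.b "show me" clause is the assessor asking to see that the comparison actually runs and that changes actually surface as alerts. The following is an added example, not Tripwire's product code or anything from the original post: a minimal file-integrity check that records SHA-256 digest, size and permission bits for every file under a monitored root, compares a later scan against that baseline, and turns the differences into alert lines. The directory layout, file contents and the "tampering" in `demo()` are constructed inline so it runs offline; real deployments would store the baseline off-host and sign it.

```python
"""File-integrity baseline and comparison in the spirit of PCI DSS 11.5.

Added example, not Tripwire's code. Records SHA-256, size and mode for each
regular file under a root, diffs a later scan against that baseline, and
emits alert lines for added, removed and modified files. Sample files and
tampering are constructed in a temporary directory (assumption, for demo).
"""
import hashlib
import os
import stat
import tempfile
from pathlib import Path

CHUNK = 65536


def file_record(path: Path) -> dict:
    """Digest the file in chunks and capture the metadata worth alerting on."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    st = path.stat()
    return {"sha256": h.hexdigest(), "size": st.st_size,
            "mode": stat.S_IMODE(st.st_mode)}


def build_baseline(root: Path) -> dict:
    """Map of root-relative POSIX path -> record, for regular files only."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            baseline[p.relative_to(root).as_posix()] = file_record(p)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Report added/removed paths and, per modified path, which fields changed."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = {}
    for rel in sorted(set(baseline) & set(current)):
        diffs = {k: (baseline[rel][k], current[rel][k])
                 for k in baseline[rel] if baseline[rel][k] != current[rel][k]}
        if diffs:
            modified[rel] = diffs
    return {"added": added, "removed": removed, "modified": modified}


def format_alerts(report: dict) -> list:
    """One alert line per change; an empty list means the tree matches baseline."""
    lines = [f"ALERT added: {p}" for p in report["added"]]
    lines += [f"ALERT removed: {p}" for p in report["removed"]]
    for p, diffs in report["modified"].items():
        lines.append(f"ALERT modified: {p} ({', '.join(sorted(diffs))})")
    return lines


def demo() -> dict:
    """Constructed scenario: baseline a small tree, tamper with it, re-scan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "httpd.conf").write_text("Listen 443\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF stub")
        os.chmod(root / "etc" / "httpd.conf", 0o644)  # fixed mode so the change below is deterministic
        baseline = build_baseline(root)

        # Tampering after the baseline was taken (constructed):
        (root / "bin" / "ls").write_bytes(b"\x7fELF stub with backdoor")  # content change
        (root / "etc" / "hosts").unlink()                                 # file removed
        (root / "etc" / "shadow.bak").write_text("root:...\n")            # file added
        os.chmod(root / "etc" / "httpd.conf", 0o666)  # permission change, content unchanged

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for line in format_alerts(demo()):
        print(line)
```

Hashing alone would miss the `httpd.conf` case, where only the permission bits changed; capturing mode (and, in practice, owner, and for binaries the package-manager digest) is what makes the comparison useful as an unauthorized-change detector rather than just a content checksum. Whatever tool is used, the "show me" test is the same: make a known change and confirm the alert arrives at the people on the roster.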

The True Cost of Compliance

by Cindy Valladares

We often hear from customers and prospects that compliance is expensive and cumbersome, yet it allows them to rally for a piece of the IT security budget. Up to this point, however, there has been no data on what compliance actually costs.

Read More

How Effective is PCI DSS?

by Cindy Valladares

If you’ve ever participated in a conversation about PCI with infosec professionals, you will most likely end up discussing the effect that compliance initiatives have on the overall security posture of an organization. One of the most passionate experts on this precise topic is Josh Corman (@joshcorman on Twitter), Security Analyst at the 451 Group. [...]

Read More

FERC/NERC New rules for Nuclear “facilities”

by Previous Contributors

By Sean Sherman. FERC (the Federal Energy Regulatory Commission) released a new order on March 19th, 2009 that changes the scope of the NERC CIP (Critical Infrastructure Protection) rules to include “Facilities regulated by the U.S. Nuclear Regulatory Commission”, i.e. nuclear plants. This seems a straightforward ruling that says generation sources (especially 20% [...]

Read More