IT GRC Forum


www.lockpath.com: Leveraging GRC for PCI DSS Compliance

Historically, one of the biggest problems with Payment Card Industry Data Security Standard (PCI DSS) compliance initiatives has been conducting it as a one-off security effort, treating the standard as a unique and independent set of requirements instead of integrating the requirements into a holistic GRC program.


Software AG: How to Implement Effective Enterprise Risk Management

Over the past few years, organizations have become more focused on "being in control." They are increasingly—often forced by regulations—building and implementing processes that underpin the company's "In Control Statement". The inevitable extra costs and efforts are often seen as a burden, distracting people from what they should focus on: doing business!


SDG Corp: How to Effectively Manage the Compliance Lifecycle

In today's world of high uncertainty, rapid economic changes, and increasingly complex regulations, compliance has become a permanent part of doing business. Juggling the requirements of industry regulations, data privacy laws, and government mandates is no easy task, and maintaining ongoing compliance is complicated by constant changes, amendments, and overlaps. What's more, as regulations increase, the resources needed to comply with them increase as well – and so do the stakes.


Software AG: Analyzing the effects of risks and controls in business processes

Despite its growing maturity, simulation is still regarded by some as being complicated and impractical from a management perspective, even though the downfalls in static analysis of risk positions pertaining to business processes, projects, insurances or trading are well documented. Simulation is still perceived by some as an approach which involves too much data, too much expertise, and specialist skill sets to implement.


SDG Corp: The Value of a Unified Security Platform

Businesses today have a multitude of security tools and technologies spread across the enterprise. As a result, most IT organizations must work with a security posture cobbled together from so many individual solutions that it is impossible to get a unified view at any given point in time. Given the amount of data generated by security tools, vulnerability tools, policy violations, highly privileged access reviews, and more, organizations need a structured way to understand their security posture.


Software AG: Bow Tie Methodology with the ARIS Governance, Risk and Compliance Solution

In risk-intensive businesses like the energy sector, a new risk analysis and description methodology has become more and more popular – Bow Tie diagrams. The success of this diagram lies in its clear structure and simplicity, which is easy for the non-specialist to understand, but still has sufficient depth for an expert discussion.


Brainloop: Enterprise Information Security Options for 2012

As organizations increasingly participate in a collaborative economy, sharing documents becomes ever more crucial. Documents travel farther and wider than ever before due to expanding corporate ecosystems and increasingly virtualized business networks encompassing more partners, joint ventures, and collaborative projects.

Brainloop: Ten Questions to Identify Compliance Risks When Sharing Information

Corporate and regulatory compliance policies have forced companies to ensure that information flows are documented, auditable, and highly secure. Yet in order to conduct their business, companies must share sensitive information outside the firewall, introducing serious potential information risk.


Tokenization Perspective: Tokenization is About More Than PCI Compliance – It's a Strategic Business Decision

Heightened merchant concerns over securing sensitive cardholder information, as well as new Payment Card Industry (PCI) security mandates, have driven demand for integrated card data protection solutions. These concerns are well justified.


Combat Fraud and Protect Your Bottom Line

Fraud in the insurance industry is nothing new; however, the growth of both telephone and Web-based sales channels provides fraudsters with greater opportunity to take advantage of insurance companies.


MEGA: Enterprise Architecture (EA) as an enabler for GRC

Many organisations' governance, risk management and compliance (GRC) practices have not changed for years. The result is that organisations are struggling to keep up with the complex regulatory environment and meet external stakeholders' expectations. Many organisations, no matter what sector they trade in, are seeking to become more flexible and profitable while increasing internal controls and reducing risk. These objectives appear to be contradictory, but one way large organisations can unite them is by improving their approach to GRC.


Chase Paymentech: Seven Steps to Merchant Success in Recurring Payments

For businesses that accept recurring payments, customer relationships last well beyond a single transaction. For these merchants and billers, it's critical to utilize payment tools that can minimize billing disruptions and maintain service continuity. This can reduce processing costs, maximize revenues, and strengthen customer satisfaction.


2011 PS Report: 2011 Payment Security Practices and Trends Report

Managing payment security is an ongoing challenge for organizations. To help businesses understand management trends and practices among peer groups, CyberSource and Trustwave, in partnership with the Merchant Risk Council (MRC), commissioned the Payment Security Practices and Trends Survey. The report summarizes the findings and provides insights and industry benchmarks, as well as industry trends.


www.agiliance.com: Preparing for PCI DSS 2.0

On January 1, 2011 the Payment Card Industry (PCI) Data Security Standard (DSS) version 2.0 took effect. The new requirements represent a daunting task when it comes to improving an organization's existing security policies to include virtualized environments, policy governance, risk remediation, and 100% asset coverage.
