ComplianceOnline

Compliance Resources to Help you Stay Current

Get trained on regulations affecting your industry through online webinars, learn the best practices, and download quality standards, checklists and news articles. Listen to experts on best practices to streamline quality and compliance processes and meet the regulatory demands.
Loading....

Support Encryption: U.S. Internet Firms Look to Trump to Ease Regulations

  • Industry: IT control and PCI compliance

A little in tune with President-elect Donald J. Trump’s proposed policies, the Internet Association sought his support in listing their priorities; key among them - immigration reform, stronger encryption, and ensuring liability protection for content that users share on their social platforms.

The Boon and Bane Behind Your Digital Presence

  • Industry: IT control and PCI compliance

The Boon and Bane Behind Your Digital Presence

A lot can happen under the shroud of invisibility. The Internet creates this shrouded nook – a place from where one can observe or participate, but not without leaving behind a digital footprint that can be followed. Identity theft and data breaches are now commonplace enough to warrant constant concern especially for organizations and business owners. Are your online transactions secure? Who can access your databases or your customer information?

The answers to these questions keep varying as much as new ways to breach digital platforms keep emerging. But there is still much that can be done to combat these threats, sometimes simply by understanding what they are.

Social Media Compliance and Security in Spotlight after AP Twitter Feed Hacked

  • Industry: IT control and PCI compliance

After the Associated Press Twitted feed was hacked by Syrian hackers and a false tweet about an attack on the White House broadcast to the world causing the Dow Jones index to plunge, both Wall Street regulators and IT security experts are looking into making social media channels more secure.

California Online Privacy Protection Act of 2003 – Applicability and Summary of Requirements

  • Industry: IT control and PCI compliance

The California Online Privacy Protection Act of 2003 or OPPA, which became effective on July 1, 2004, was the first state law that required owners of commercial websites or online services to post a privacy policy.

This article discusses the applicability of the Act and summary of its requirements.

Payment Card Industry Data Security Standard (PCI DSS) – Background, Overview and Compliance Re ....

  • Industry: IT control and PCI compliance

The Payment Card Industry (PCI) Data Security Standard (DSS) was developed to encourage and enhance cardholder security and facilitate broad adoption of consistent data security measures globally.

The PCI DSS provides a baseline of technical and operational requirements designed to protect cardholder data.

This article gives an overview of the standard including its background, reasons for implementation, applicability and requirements.

Regulation of Investigatory Powers Act

  • Industry: IT control and PCI compliance

The Regulation of Investigatory Powers Act 2000 (RIP or RIPA) is an Act of the Parliament of the United Kingdom, regulating the powers of public bodies to carry out surveillance and investigation, and cover-ing the interception of communications. It was introduced to take account of technological change such as the growth of the Internet and strong encryption.

Protecting Children's Privacy under Children's Online Privacy Protection Act (COPPA)

  • Industry: IT control and PCI compliance

The Children's Online Privacy Protection Act of 1998 (COPPA) is a United States federal law that applies to the online collection of personal information by persons or entities under U.S. jurisdiction from children under 13 years of age. It details what a website operator must include in a privacy policy, when and how to seek verifiable consent from a parent or guardian, and what responsibilities an operator has to protect children's privacy and safety online including restrictions on marketing to those under 13.

PCI Data Security Standard

  • Industry: IT control and PCI compliance

The PCI Data Security Standard (PCI DSS) is a payment card security process which helps to prevent credit card frauds through increased controls aimed at detection and reaction to incidents involving security issues. The standards provide an actionable framework for execution of a robust security system for the safety of the payment card industry.

SIA ACS – Security Industry Authority Approved Contractor Scheme

  • Industry: IT control and PCI compliance

The Security Industry Authority (SIA) has introduced an Approved Contractor Scheme (ACS) to raise performance standards within the security industry. The ACS is the quality benchmark within the industry. It sets out criteria that companies must fulfill to qualify under the ACS.

eEye Releases Research Report And Product To Tackle Key Vulnerability And Compliance Management ....

  • Industry: IT control and PCI compliance

The 2011 Vulnerability Management Trends Research Report is revealed by eEye Digital Security (eEye), presenting awareness, answers, and insight into key issues in today’s vulnerability and compliance management. eEye also released Retina CS 2.0 (product version) along with the report with the automation of vulnerability and compliance management. eEye provides solutions in IT security and unified vulnerability management.

Cyber Security Compliance Unit to Be Set Up to Establish Standards to Face Security Risks

  • Industry: IT control and PCI compliance

A new Cyber Security bill was introduced in IT security legislation. A new division for cyber security compliance will be created within the Department of Homeland Security (DHS) under the Homeland Security Cyber and Physical Infrastructure Protection Act of 2010. It will manage the set up of performance-based standards to tackle particular security risks faced by the nation’s critical infrastructure information networks and IT systems of civilian federal government agencies.

A new twist on PCI DSS: Visa's Payment Application Best Practices

  • Industry: IT control and PCI compliance

Payment Application Best Practices was developed in 2005 by VISA to guide payment application developers that help merchants and agents mitigate compromises, prevent storage of sensitive cardholder data and support overall compliance with the PCI Data Security Standard (PCI DSS). The PCI Security Standard Council has ratified the PABP developed by VISA as a standard and has published the same as Payment Application Data Security Standard (PA-DSS). Under the PABP, 555 products were validated for compliance. Further PCI SSS has added to this list and has published the consolidated list in its website for smooth transition.

PCI SSC is in the process of adding a new provision to its existing PCI DSS mandate picked from PABP developed by VISA. This move by PCI SSC deems to bring in more security in payment application development. This will bring all the vendors of payment application development under the PCI DSS compliance umbrella.

The PCI Data Security Standard (PCI DSS)

  • Industry: IT control and PCI compliance

Majority of the transactions in the recent times are cashless. The acceptance and use of the plastic money a.k.a credit/debit cards has seen a splurge in recent times. The convenience offered by these services has resulted in widespread acceptance of this form of money. This is only an end user perspective. Companies providing these services are striving to provide secure infrastructure for these transactions as there are possibilities of identity thefts which could be damaging both to the user and the provider.

Payment Card Industry Data Security Standard provides guidelines for companies that process, store or transmit credit card information maintain a secure environment. Though these standards were developed by PCI Security Standards Council, an independent body formed by major credit card brands, enforcing compliance is the responsibilities of the different payment brands and acquirers. The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.

Best Sellers
You Recently Viewed
    Loading