

  • Legal issues in the Cloud - Part 4

    One of the remaining key issues Cloud users need to consider relates to the notion of being locked-in to certain applications or systems — and if a user wants to transfer data or applications from the Cloud, whether the data is portable between service providers. In these circumstances, a user will need to consider its requirements to access data some years into the future for a plethora of regulatory reasons.

  • Legal issues in the Cloud - Part 3

    Proper due diligence focuses on identifying the players in the Cloud relationship. That is, who is actually involved in providing the services and are they the same entity (or entities) that are processing or storing data? In the case of aggregators, for example, a Cloud user could be dealing with a single entity which itself is provided services by various third parties.

  • Legal issues in the Cloud - Part 2

    Unlike a fixed server in your office or at a data centre in Australia, data in the Cloud can potentially be located anywhere in the world — even in multiple data centres in multiple copies worldwide. A Cloud service provider may not even know where the data resides at any one time. The Cloud may not be tied to any particular location but this is clearly not the case with the laws of each country. Any ‘global’ technology solution will be impacted by the laws of a large number of nation states. As a result, sending and processing data around the globe could, in the process, fail to comply with data protection and privacy laws in various countries.

  • Information security in 2011

    C-level executives are more aware than ever about threats to information security.

  • Sydney Water IT security manager talks governance strategy

    Information security governance should not be treated like corporate governance; IT security steering committees must have the right stakeholders; and the board can remain largely unaware of security issues. Those are key strategies for effective security governance, says IT security and assurance manager at Sydney Water, Stephen Frede.

  • Where is Your Cloud? Four Compliance Best Practices

    If you think the phrase "It's in the cloud" means that your data resides on the Internet and is thus accessible everywhere equally, think again. Most infrastructure-as-a-service (IaaS) cloud services share the same residence model as traditional hosting and outsourcing deployments -- they live in specific data centers in specific geographies. This means that customer data is generated and most likely stored in this physical location, giving it legal and privacy implications.

  • Compliance Under a Cloud

    There's no doubt that cloud computing is dominating today's IT conversation among C-level security executives. Whether they're lured by its compelling cost savings or its perceived advantages, security leaders are probing the capabilities and restrictions of the cloud. At the same time, security and compliance concerns remain issues holding large enterprises back from capitalizing on the cloud's benefits.

  • Is Compliance in the Cloud Possible?

    There is no doubt that cloud computing is dominating today's IT conversation among C-level security executives. Whether it's due to the compelling cost saving possibilities in a tough economy, or because of perceived advantages in provisioning flexibility, auto-scaling, and on-demand computing, CSOs are probing the capabilities, costs and restrictions of the cloud. At the same time, security and compliance concerns are at the forefront of issues potentially holding large enterprises back from capitalizing on the benefits that cloud computing has to offer.

  • The Dangers of Over-Reliance on Compliance

    Have you noticed that many of the firms suffering high profile, serious, and expensive information security breaches have nonetheless been 'compliant' with certain laws, regulations, or standards? Consider the case of credit card processor Heartland Payment Systems, which recently suffered the unauthorized disclosure of over 100 million credit card and debit card transactions. The firm handles the transactions of over 175,000 merchants. Hundreds of banks have already had to reissue cards as a result of the breach. Note that Heartland was, at the time, certified as fully Payment Card Industry (PCI) compliant. Many other organizations that fall under various Federal, state, and industry regulations are continually experiencing breaches as well.

  • How to Write an Information Security Policy

    An Information Security Policy is the cornerstone of an Information Security Program. It should reflect the organization's objectives for security and the agreed upon management strategy for securing information.

  • How to get PCI DSS compliance right

    The road to becoming Payment Card Industry Data Security Standard (PCI DSS) compliant can be a long one, so here we give you the Security Standards Council's Prioritised Approach of six milestones to help your organisation start your journey.

  • Security Challenges of Electronic Medical Records

    President Obama has made the widespread deployment of Electronic Medical Records (EMRs) a priority in his latest stimulus plan. Feisal Nanji, Executive Director at Techumen, gives an overview of the security challenges this ambitious plan poses.

  • PCI app security: Who's guarding the data bank?

    While Willy Sutton never really said it, the truth is that people rob banks because that is where the money is. Today's criminals don't walk into banks with loaded guns and get-away drivers. Rather they connect from a remote location using a browser and are armed with hacking tools and spyware.

  • Corporate security and the climate crisis

    US military strategists, CIA analysts, international agency officials and Nobel Prize winning economists concur with the consensus of the world's scientific community: the Climate Crisis is a planetary security issue, as well as a national security issue for each of the one hundred ninety two countries that belong to the United Nations. But the Climate Crisis is also, by extension, a corporate security issue, as well as, yes, a cyber security issue.

  • A view into Starbucks enterprise security

    When he describes the security function's goals at Starbucks Coffee, Francis D'Addario shares a 13-syllable mantra: Protect people. Secure assets. Enable mission.

  • Tips for Managing IT Risks

    Scott Crawford, a security expert and research director with Enterprise Management Associates, offers his advice for minimizing security risks within IT.

  • British CIOs adjust to laws covering disabled workers

    Disabled people have so far lost out on many of the benefits that technology has brought. But changes are on the way.

  • EU, US Passenger Data Sharing Deal Under Scrutiny

    Critics of the agreement allowing European passengers' personal data to be shared with US authorities have just under a month to reshape the accord before it comes into force, said Stavros Lambrinidis, vice president of the European Parliament's civil liberties committee.

  • Policy Experts Split on Spyware Laws

    Two of the agencies most actively involved in bringing cyber-criminals to justice in the United States have expressed opposing opinions over pending anti-spyware legislation.

  • Retailers Asked to Adopt Standard to Combat Card Theft

    As governments around the world step up efforts to protect citizens from the potentially devastating effects of payment card data theft, merchants are being asked to comply with a new security standard.
