The completion of an information security risk assessment is a key requirement in all information security frameworks, including ISO 27002, NIST 800-53, HIPAA and PCI-DSS. A recent analysis of regulatory enforcement under HIPAA identifies risk assessment as a key area of weakness. While risk assessments are required, the specifics for how to perform a risk […]
Tag Archives: PCI-DSS Security Policy
To be effective, information security policies need to be read and understood by every member of the organization. This seemingly simple requirement is now becoming a standard practice to reduce risk, comply with regulations and demonstrate due diligence. Why is this control so important and how can it be done in practice? Regulatory Requirements Every regulatory […]
The PCI Security Standards Council just released Version 3.0 of the Payment Card Industry Data Security Standard (PCI-DSS), the set of requirements for protecting credit card data. The update had some significant changes, including a greater focus on third-party information security. There are many articles describing the new changes to PCI-DSS V3, including a nice […]
The European Union recently released a set of draft recommendations for a major update to the current privacy framework that underpins Directive 95/46/EC. The changes would introduce a single set of rules on data protection, valid across the EU. The proposed changes give individuals more control over their personal information and would have a significant […]
Some organizations still receive little management support or funding for a sound information security policy program. Within the last several years, however, numerous federal, state and international regulations have been passed that require the protection of information. Many organizations are now enhancing their information security policies in response to legal and regulatory requirements. In some […]