Sponsored by NetIQ
Presented by Realtimepublishers
The Conversation
1.RE: Safe Harbor, Master Contracts, or Combination?
Posted By RebeccaHerold on 06/08/2006 4:06 PM
Hi Laurin, I passed your question on to one of my friends who is CISO at a large multinational retail...
2.RE: Have you run across any policy templates for "Network/System/DBA" policy that outlines responsibility, guidelines, and standard of condu
Posted By RebeccaHerold on 05/26/2006 12:32 PM
Charles Cresson Wood has a very nice book with this type of information and templates; "Information ...
3.RE: best practices for creating secure "virtual" databases, auditing, and authorization controls that restrict employee access to patient/cl
Posted By RebeccaHerold on 05/25/2006 7:29 PM
Thank you for your good and timely question. The best practices really are those tried and true, vali...
4.RE: Do you see external auditors still trying to figure out the whole regulatory requirements?
Posted By RebeccaHerold on 05/25/2006 11:53 AM
Actually I think most organizations are still trying to figure out how what regulatory requirements ...
5.RE: I am trying to determine if we must comply with the HIPAA security rule since we must comply with FERPA
Posted By RebeccaHerold on 05/23/2006 9:19 AM
Thank you for your message...I'm happy to hear Kevin's and my book, "The Practical Guide to HIPAA Pr...
6.RE: Policy n Procedure Data Migration help!
Posted By RebeccaHerold on 05/12/2006 11:04 AM
Policies, procedures and standards definitely need to be created to fit your own unique business env...
7.RE: is the tripwire way of doing file integrity checks the only way?
Posted By RebeccaHerold on 05/09/2006 1:22 PM
Thanks for your question. Typically examples are given within standards as examples and not as hard...
8.RE: Where should I focus to ensure that my applications (enterprise software, databases, web servers, etc.) are compliant with regulations?
Posted By RebeccaHerold on 05/08/2006 8:28 AM
Probably the most important place to focus to ensure your applications and systems are compliant is ...
9.RE: If I am compliant with ISO standard, am I also compliant with the PCI standard?
Posted By RebeccaHerold on 04/09/2006 9:16 PM
Thank you for your question. Keep in mind that ISO/IEC17799...which will likely be renamed sometime s...
10.RE: Policy & Procedure Adherence
Posted By RebeccaHerold on 04/04/2006 8:07 AM
Thank you for your questions. These simple questions are deceptively complicated to answer. You are ...
11.RE: What type of compliance controls are best suited for automation?
Posted By RebeccaHerold on 03/28/2006 5:21 PM
The overwhelming majority of compliance requirements are administrative and physical. However, ther...
12.RE: How does ITIL and ISO and CobiT integrate?
Posted By RebeccaHerold on 03/25/2006 9:04 AM
Thank you for the question. With various groups using each, it is important to make sure they are i...
13.RE: What are most organizations using as their guidance for complying with the IT/Info Sec implications of Basel II?
Posted By RebeccaHerold on 03/24/2006 8:32 AM
Over the past few years what I've overwhelmingly seen used for Basel II is COSO, although down under...
14.RE: Do I need a separate controls framework to address each of the regulations I face?
Posted By RebeccaHerold on 03/23/2006 10:41 AM
Thanks for the question. This is one that I get often, have written numerous articles addressing th...
15.RE: Reader Question: Are companies promoting security and privacy compliance as part of their marketing plans?
Posted By RebeccaHerold on 03/20/2006 10:08 AM
In the past few years I've seen a growing trend in marketing and advertising promoting information s...
16.RE: Reader Question: When medical records are sent to 3rd party for review, are these handling process subject to HIPAA rules?
Posted By RebeccaHerold on 03/15/2006 6:13 PM
Hmm…good question! It depends upon a number of factors. There are few easy, dry-cut answers when H...
17.RE: Why No General Privacy Law in US?
Posted By RebeccaHerold on 03/14/2006 9:59 PM
Historically companies lobbied against any legislation in favor of self-regulation, and the lawmaker...
18.RE: Reader Question: Do any laws explicitly require personal information to be encrypted?
Posted By RebeccaHerold on 03/09/2006 6:28 PM
This is a timely question; I just posted the first paper of March to this site and it addresses how ...
19.RE: More Lost Tapes!
Posted By RebeccaHerold on 03/03/2006 7:39 PM
Thank you for your post, Gregory. I agree...and regarding incidents, with laptops and backup media, ...
20.RE: Would You Hire A Hacker?
Posted By RebeccaHerold on 02/27/2006 8:26 PM
Hi Harry, Thank you for your post and insights! And, I'm glad to hear you liked my article. Speakin...