INFORMATION SECURITY®

ESSENTIAL GUIDE TO COMPLIANCE

Compliance with federal and industry regulations drives spending and how most information security programs are shaped. There’s no avoiding it. We’ll help you sort and prioritize your responsibilities.

INSIDE

8 PCI Update: Clarity or Confusion?
15 New Mandates: Massachusetts and Nevada
23 HIPAA Gets Some Teeth
32 Disproportionate Pain
39 Prioritize Information Security over Compliance

INFOSECURITYMAG.COM

Database protection and compliance made simple. Guardium, an IBM Company, provides the simplest, most robust solution for continuously monitoring access to high-value databases and automating compliance controls for heterogeneous environments – assuring the integrity of trusted information and enabling enterprises to drive smarter business outcomes.

• Gain 100% visibility and control over your entire DBMS infrastructure.
• Reduce complexity with a single set of cross-DBMS auditing and access control policies.
• Enforce separation of duties and eliminate overhead of native DBMS logs.
• Monitor privileged users, detect insider fraud and prevent cyberattacks.
• Automate vulnerability assessment, data discovery, compliance reporting and sign-offs.

For more information, visit www.guardium.com/InformationSecurity

Copyright © 2010 Guardium, an IBM company. All rights reserved. Information is subject to change without notice. IBM, and the IBM logo are trademarks of International Business Machines Corporation in the United States, other countries or both.

CONTENTS: ESSENTIAL GUIDE TO COMPLIANCE

FEATURES

8 PCI Update: Clarity or Confusion? (PCI DSS)
What you can expect from this fall’s update to the Payment Card Industry’s Data Security Standard. BY GEORGE V. HULME

15 New Mandates (STATE DATA PROTECTION ACTS)
Massachusetts and Nevada usher in a new generation of data protection laws. BY RICHARD MACKEY

23 HIPAA Gets Some Teeth (HIPAA)
The HITECH Act expands on HIPAA’s security requirements and increases penalties for non-compliance. BY MARCIA SAVAGE

32 Disproportionate Pain (SOX)
Smaller public companies bear significantly higher pain in terms of revenue and costs per employee complying with Sarbanes-Oxley. BY NEIL ROITER

39 Prioritize Information Security Over Compliance (RISK MANAGEMENT)
Organizations need to prioritize security over compliance to ensure comprehensive risk mitigation. BY TONY SPINELLI

44 Advertising Index

INFORMATION SECURITY • ESSENTIAL GUIDE • COMPLIANCE

Find the cybercriminal. (Never mind. ArcSight Logger already did.)

Just downloaded the customer database onto a thumb drive.

Stop cybercriminals, enforce compliance and protect your company’s data with ArcSight Logger. Learn more at www.arcsight.com/logger. © 2010 ArcSight. All rights reserved.

EDITOR’S DESK

No Token Gesture

BY MICHAEL S. MIMOSO

The PCI Security Standards Council needs to embrace tokenization.


“There are things being negotiated now that are gonna solve all your problems and answer all your questions. That’s all I can tell you now…” —Michael Corleone.

OK, so it’s a stretch to associate The Godfather with tokenization, but it’s a segue to a shoutout to the PCI Security Standards Council: Move swiftly and formall