data security news from FierceComplianceIT

It was huge news when RSA owned up to the stunning cyber attack in March that stole information that could compromise its vaunted SecureIT tokens. That a preeminent security company could be hacked

Cloud computing remains a hot topic and the object of a lot of investment. Like a lot of trendy technologies, the pace of adoption has run ahead of the pace of related compliance and security

Back on December 18, 2010, President Obama signed the Red Flags Program Clarification Act of 2010 into law. At first glance, the act cleared up some controversy surrounding the definition of

We've noted before that companies spend a lot of time and money safeguarding their data from external threats, which is smart of course. But we've also noted that companies tend to downplay the risk

Version 2.0 of the Payment Card Industry Data Security Standard (PCI DSS) are already in effect, basically giving companies a year to implement and validate changes. This is not earth-shattering news

A company's GRC efforts can get pretty complex, no matter how much automation you try to bake in. The issues seem to multiplyg daily. To give us all a little guidance, CIO Insight offers eight data

During the ramp up to PCI DSS version 2.0--that is the Payment Card Industry Data Security Standards most recent release--there were some well-known big issues, like end-to-end encryption, for which

When people speak about data security within the enterprise, VoIP rarely comes up as a front-burner issue. But ComputerWorld reminds us that this might be a mistake, a potentially disastrous

We've been talking about the next iteration of Payment Card Industry Data Security Standard (PCI-DSS) for quite a while; the timeline for the release of PCI DSS 2.0 was never a secret. You could say

We've suggested on several occasions that in this time of budgetary constraint, compliance and security projects would likely be easier sells internally, with risk management not far behind. As the