Author: Luciana Contuzzi

What’s the Buzz About DFARS?

It seems as if every day, more and more regulations are being implemented across a broad range of industries. Consequently, more and more compliance and data breaches are making their way to the news. One of our previous posts, “Export Control Compliance,” outlined some of the most prominent defense regulations instated today – ITAR and EAR. Another recent buzz word adding to this list is DFARS – The Defense Federal Acquisition Regulation Supplement. DFARS was implemented as a supplement to…

Read More

Why Comply With PCI?

There were 26.2 billion credit card transactions, 47.0 billion debit card transactions, and 9.2 billion prepaid card transactions in the U.S. in 2012. That totals 82.4 billion transactions that fall under PCI DSS compliance, and this number is only predicted to rise each year. Any business that stores, processes, or transmits any of this cardholder data is required to comply with PCI DSS (Payment Card Industry Data Security Standard). The PAN (Primary Account Number) on the…

Read More

Stolen Devices: The Latest Epidemic in Healthcare

Technology innovations within the healthcare industry have risen exponentially in the last decade – consequently, so have data breaches and theft. In 2013 alone, millions of patients’ protected health information (PHI) was compromised, costing healthcare organizations billions of dollars. Some of this information dated back decades, affecting individuals no longer affiliated with the compromised organizations. The U.S. Department of Health & Human Services (HHS) “must post a list of breaches of unsecured protected health information affecting 500…

Read More

What is NERC CIP Compliance?

The North American Electric Reliability Corporation (NERC) develops and enforces CIP (Critical Infrastructure Protection) Reliability Standards for the Bulk Power System (BPS). Users, owners, and operators of the BPS under NERC jurisdiction supply electricity to more than 334 million people in the US, Canada, and northern Baja California, Mexico. The NERC Security Guideline for the Electricity Sector addresses risks that can arise in the daily business of electricity organizations and describes practices to help mitigate these risks. An information…

Read More

Who has access to my sensitive cardholder data? PCI DSS 3.0 says, “You better know!”

As we ring in the New Year, I think it’s important to take a moment to reflect upon and analyze some of the changes and updates to the Payment Card Industry Data Security Standard, commonly referred to as PCI DSS. Version 3.0 is now effective, and although Version 2.0 will remain active until December 31, 2014, organizations looking to remain compliant with the regulation should definitely take notice of the new changes, as they will help to mitigate their risk exposure….

Read More

Discovering ITAR Related Content

This is a follow-up to a previous blog post of mine. In my first post on Export Control Compliance I tried to explain what ITAR is and why it’s important for defense contractors, manufacturers and suppliers. Knowing or learning about it is great, but what we have learned from conversations with current customers is that discovering high-risk, sensitive USML-related content is something that many organizations in the defense industry have struggled with in the past. Traditional enterprise-class DLP and…

Read More

Export Control Compliance

I was asked the other day by a colleague: “What is ITAR (International Traffic in Arms Regulations) compliance and why is it important?” So my research commenced. My findings, plentiful to say the least, were that ITAR, along with the Export Administration Regulations (EAR), is one of the two most important United States Government export control laws. According to the United States Department of State website, ITAR is a set of regulations responsible for the control of the permanent and temporary export…

Read More

Universities a Top Target for Data Theft

While researching data breach incidents within universities and places of higher education, I stumbled upon the Privacy Rights Clearinghouse, an organization dedicated to consumer privacy and “raising awareness of how technology affects personal privacy”. According to the Privacy Rights Clearinghouse (www.privacyrights.org/data-breach/new), over 3,500 data breaches have been made public in US universities and educational institutions alone since 2005, equating to over 600,000,000 compromised records. But why universities? Are hackers and data thieves targeting the science department’s proprietary research? Well, maybe…

Read More