Gartner Blog Network

Category: 'compliance' Blog Posts

Security And/Or/Vs/Not Compliance?

by Anton Chuvakin  |  April 28, 2014

When I got this Gartner blog, I made a promise to myself to avoid rants, as a matter of personal policy. I’ve done my share of rants on my previous...

Comments: 3

If You Use Windows XP - You Are NOT PCI DSS Compliant!

by Anton Chuvakin  |  April 10, 2014

It should be *painfully* obvious to anybody that in a few short weeks [or maybe now, depending on how you interpret it] any merchant using Windows XP systems or devices...

Comments: 3

#RSAC Buzz -- Regulators Raising the Bar on Vendor Risk Management

by French Caldwell  |  February 27, 2014

[Image: Vendor Risk Management Is Flashing Hot] I went to the RSA conference once -- it was really busy and hearing from my buddies at the...

Comments: 2

WhiteHouse Announces PTO Will #Crowdsource Patent Review in Anti-Troll Initiative

by French Caldwell  |  February 21, 2014

As part of its anti-patent troll initiative, the White House announced a new crowdsourcing initiative at PTO.  Should be interesting.  Is government by the people taking on new expanded meaning...

Comments: 1

Happy #GIGD, the Problem with Twitter, and Where's the Love for Info Gov?

by French Caldwell  |  February 20, 2014

[Image: I WASN'T SURE HOW TO WRAP THIS. HOPE YOU LIKE IT. HAPPY #GIGD!] Global Information Governance Day -- who knew. Not I, and I must apologize...

Comments: 1

Highlights From Verizon PCI Report 2014

by Anton Chuvakin  |  February 13, 2014

Separate from the Data Breach Investigations Report (latest was in 2013), Verizon PCI report is another awesome resource for security practitioners. Grab your copy here [PDF]! Here are some of...

Comments: 2

A Revolution in GRC Affairs at Gartner (or burning the EGRC mq)

by French Caldwell  |  February 4, 2014

Gartner's coverage of vendors in the GRC marketplace is about to change.  The main reason for the change, as noted in the most recent Enterprise Governance, Risk and Compliance Platforms...

Comments: 3

To Improve Cloud Security, by 2020, Enterprises Will Fire Senior Managers

by French Caldwell  |  January 17, 2014

I came across a survey report last week from security and investigations service firm Stroz-Freiberg that highlights the fundamental tenet of effective compliance and risk management – tone at the...

Comments: 1

New FFIEC Guidance on Social Media Risk Management Effective Immediately

by French Caldwell  |  December 13, 2013

The final guidance from the FFIEC on social media risk management for financial institutions has been promulgated.  It is effective immediately.  As I mentioned earlier this year, regulatory guidance of...

Comments: 1

Briefly On PCI DSS 3.0

by Anton Chuvakin  |  November 8, 2013

So I’ve been sleeping on my copy of PCI DSS 3.0 for a few weeks already and now that it is finally public, I am ready to comment on it...
