News

• Medical firm avoids Exchange nightmare with outside help

  International medical vendor Mediq was expanding in a big way by acquisition and needed a standard email platform across its business, but the project's cost and the complexity of doing it alone was so daunting that the company called on outside help that costs it less in the long run.

• ISACA refreshes best practices for IT shops

  Enterprise IT departments can look to the new COBIT 5 framework for governance and management best practices, according to ISACA, a global nonprofit IT industry group.

• 5 signs that you've lost control over your Cloud apps

  CIOs are waking up to the reality that they've lost control over access to data stored in software-as-a-service applications purchased by other departments.

• IETF explores new working group on identity management in the cloud

  Proponents of a common scheme for managing user identity in cloud-based applications will pitch their idea to the Internet's premier standards-setting body at a meeting in Paris later this month.

• Start up offers Saas app to manage data-breach incidents

  If your company suffered a data breach, would you know what to do to comply with state, federal and local law? Start-up Co3 Systems is offering a software-as-a-service (SaaS) application to tackle that unhappy task, tracking how a corporate data-loss incident is handled.

• IIIS: More pictures from the Implementing Information Infrastructure Symposium

  Data governance, risk, compliance and much more

• Companies explore private virtual worlds

  Meetings, conferences and training programs in a 3D virtual world such as Second Life can be more engaging and productive than traditional online sessions and phone calls, and much less expensive than face-to-face meetings requiring travel. But some companies aren't willing to take on the security and compliance risks of using a public platform and are instead opting for private virtual worlds created behind the corporate firewall.

• Legal risks of hosting data offshore highlighted

  Australian Cloud providers have been given a boost following warnings from a legal expert on the risks associated with hosting data offshore.

• Encryption adoption driven by PCI, fear of cyberattacks

  A survey of more than 900 IT managers shows that adoption of encryption in their organizations is being driven by two main factors, anxiety about possible cyberattacks and the need to meet the payment-card industry (PCI) data security standards.

• Upgraded retail security standard ignores mobile payments

  The second version of the Payment Card Industry (PCI) Data Security Standard (DSS) is being released this afternoon by the organization PCI Security Standards Council, which sets the network and security requirements for merchants and service providers handling sensitive cardholder data.

• Meeting the new PCI wireless requirements

  Beginning Sept. 30, Visa will require merchants and related businesses to conduct wireless security scans to prove compliance with version 1.2 of the PCI Data Security Standard (PCI DSS) which is designed to safeguard cardholder data from wireless threats.

• 10 steps to easier access management

  NEW YORK -- A CISO who spent two years organizing identity and access management for the 15,000 users on his network boiled the whole experience down into a 10-step process he presented at the Security Standard Conference this week.

• 2

  IT departments need software compliance officer: BSAA

  Having a member of an IT department responsible for software asset management is vital if businesses are to avoid mistakenly using pirated software or losing track of licences.

• Do security regulations hinder business?

  Government needs to better understand the realities of running profitable businesses -- and quickly -- as it imposes security regulations that can affect the profitability of corporations battling in a competitive environment.

• 2

  How to roll out full disk encryption on your PCs and laptops

  Hardly a week goes by when some organization or another doesn't lose some laptops and face a litany of IT security questions. One that always comes up: Were the systems' disks fully encrypted?