- Chinese Internet censorship: An inside look
- Desktops of the future here today
- What network CEOs really make
- DoD sold counterfeit network gear
- Sci-Fi's goofiest gadgets and technology
Rss FeedRss Feed
Crackin' the Kraken bot. Listen now!
Wireless dangers at airports. Listen now!
The Payment Card Industry Data Security Standard (PCI DSS) is a set of industry regulations imposed by the major credit card companies to ensure the safety, security, and integrity of cardholder data. Any business that processes, stores, and transmits cardholder account data must comply with this complex new standard, and must be able to demonstrate that compliance through automated and manual audits of their systems. This white paper looks at the key challenges and requirements of PCI DSS as it relates to Microsoft Windows and Active Directory, and shows you how a third-party software solution can help with PCI compliance.
Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.
There are many compelling reasons for virtualizing Windows and Linux applications. Virtualization improves server utilization by allowing you to run multiple workloads on a single physical server. It reduces the number of physical servers you have to maintain, while allowing you to use less physical space and power while still improving scalability. All of these capabilities translate directly into lower costs, less complexity, and greater flexibility in your mixed IT environment. Register below to learn more and be entered to win an Archos 605 Portable Media Player.
Enterasys Sentinel is now known as Enterasys NAC - see http://www.enterasys.com/products/advanced-security-apps/enterasys-network-access.aspx...- Anonymous
Governance and compliance are some of the least glamorous and most arduous parts of the identity management field. It's thankless work with little reward. Especially hard is the seemingly simple job of deciding which regulations apply to your enterprise, and what new things you need to implement as new regulations are promulgated and old ones are revised. And, of course, no one is subject to only one set of regulations, are they? What can you do about gaps and overlaps - and how can you find them? That's a lot of lemons, so it's not surprising that someone is making lemonade out of it.
With a name like Network Frontiers, you might expect a company to be on the cutting edge of technology. In fact, the company has been around for over 15 years and when I had the chance to talk to Network Frontiers CEO Dorian Cougias a couple of weeks ago, all he wanted to talk about were spreadsheets and a database. Hardly cutting edge, but very important, he wanted to emphasize, when dealing with regulatory compliance.
Now whenever we talk about regulatory compliance, names and acronyms like Sarbanes-Oxley, Graham-Leach-Bliley, PCI, HIPAA and one or two others dominate the discussion. But there are many more which we don’t mention. Network Frontiers has identified over 200! See the current list of the so-called “authority documents” (the documents which define the regulations) that Cougias’ database is currently tracking.
It’s nice to track the regulations, of course, but Network Frontiers does even more. They collate, cross-check, synthesize and synchronize all of these regulations after first cutting out the verbiage and rhetoric and getting down to the nitty (what information they apply to) and the gritty (what you have to do to comply). Dorian calls the result the Unified Compliance Framework (UCF).
In a nutshell, the UCF is the largest independent initiative to map IT controls across international regulations, standards, and best practices. It does this by “harmonizing” (Cougias’ term, I’d say “normalizing”) terms and controls against the backdrop of a master hierarchical list. Or, as Dorian finally said: “In simple terms this means that we can present the complex rules, standards, and policies you must follow in a simple spreadsheet format with in-depth links for you to drill down for as much information as you need.” (I like simple terms.)
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com The Industry Standard IDG List Services |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
