This library offers a collection of information and resources specifically focused on computer security, data destruction, document life-cycle solutions, compliance and password management. All resources are available to post and distribute on your website, forums, blogs and other compilations, with the strict stipulation that these works must be published in their entirety, with full credit and notice given to their origin and copyright. You may also link directly to these items. Please contact us if you have any questions regarding re-publication or distribution.
Our goal is to develop a comprehensive security portal. We welcome your suggestions and will work hard to include information you may require. This project is in constant development, and your suggestions for additional content are very much appreciated.
We invite relevant, on-topic submissions for inclusion. If you are interested in submitting papers, audiocasts or other media, please contact us. We will also consider the exchange of links as applicable.
Articles
Legal Requirements to Delete EU Personal Data by James M. Jordan
This paper, prepared by the former Chief Privacy Leader and Senior Counsel for E-Commerce & Information Technology of General Electric Company is required reading for those assigned the stewardship of European-based personal data and records.
Data Destruction and Document Life Cycle Policies:
Considerations for Compliance with Federal Mandates and Acts
A perspective on issues relating to electronic data retention and how it bears on compliance with federal and state regulations such as Sarbanes-Oxley (SOX), HIPAA, FACTA, Gramm-Leach-Bliley (GLBA) and others.
The Seven Sins of Degaussing
Degaussing a hard drive is a procedure that uses a machine to generate a strong magnetic field that destroys the data recorded on the platters. While many are initially impressed with the speed of this process, there are serious disadvantages to degaussing: the drive is normally left unusable, the result cannot be verified by reading the media back, and degaussing has no effect on flash-based storage such as SSDs.
Security Issues with Decommissioning Magnetic Media
This document describes practical considerations of taking magnetic media out of useful service or transferring such media to other departments or organizations. After raising awareness of the security, business and legal concerns, the document evaluates different techniques so that readers can assess their options. Finally, the cyberCide™ product is presented as a cost-effective solution to address these risks.
Legal and Regulatory Violations Caused by Not Destroying Data Before Discarding
A comprehensive chart referencing various types of data and the acts and regulations they are subject to. An essential resource for compliance.
Practical Uses of CyberScrub Technology to Ensure the Secure Deletion of Data
This paper touches briefly on the practical applications of deploying CyberScrub products and technology to 1) wipe free and slack space on hard drives and 2) effect the transparent secure erasure of selected files and folders through standard keyboard interaction.
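As an added example (not CyberScrub's code or method), the following Python function shows the minimal mechanics of secure file erasure on a conventional hard drive: overwrite the file's blocks in place with random data, force the writes to disk, replace the original name in the directory, and only then unlink. The demo file, its contents and the pass count are constructed for the illustration. The caveat a practitioner needs: overwriting in place is only meaningful where the filesystem writes back to the same physical blocks. On SSDs (wear levelling and remapped blocks), on copy-on-write or journaling filesystems, and wherever snapshots or backups exist, the old data can survive; there the answer is the device's own sanitize command or full-disk encryption with key destruction, and free-space wiping is at best a partial mitigation.

```python
import os
import secrets
import tempfile

CHUNK = 1 << 20  # overwrite in 1 MiB pieces to bound memory use


def secure_delete(path: str, passes: int = 1) -> int:
    """Overwrite a regular file in place with random bytes, `passes` times,
    fsync after every pass, hide the original name, then unlink.
    Returns the total number of bytes written (size * passes)."""
    size = os.path.getsize(path)
    written = 0
    # "r+b" keeps the existing inode and block allocation, so the writes land
    # on the blocks that currently hold the data. Opening with "wb" would
    # truncate first, and the filesystem could then hand out fresh blocks.
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                fh.write(secrets.token_bytes(n))
                remaining -= n
                written += n
            fh.flush()
            os.fsync(fh.fileno())  # a pass is not done until it reaches the disk
    # The filename itself can be sensitive (e.g. "patient_export.csv"), so
    # overwrite the directory entry with a random name before unlinking.
    parent = os.path.dirname(path) or "."
    anon = os.path.join(parent, secrets.token_hex(8))
    os.rename(path, anon)
    os.unlink(anon)
    return written


def demo() -> tuple[int, bool]:
    """Create a constructed sample file, erase it, and report
    (bytes written, file still exists)."""
    workdir = tempfile.mkdtemp()
    sample = os.path.join(workdir, "patient_export.csv")
    with open(sample, "wb") as fh:
        fh.write(b"name,ssn\nAlice,123-45-6789\n" * 1000)  # 27,000 bytes, constructed
    written = secure_delete(sample, passes=2)
    return written, os.path.exists(sample)


if __name__ == "__main__":
    print(demo())  # -> (54000, False)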
Audiocasts/Podcasts
Listen to this informative talk by noted attorney and Ziff Davis Security Virtual Tradeshow panelist Jon Neiditz. Topics include the implications of data destruction in reference to federal compliance acts and policies.
Government Reports
PRIVACY: Domestic and Offshore Outsourcing of Personal Information in Medicare, Medicaid, and TRICARE
A striking share (more than 40%) of health insurance contractors and state Medicaid agencies experienced a breach of PHI and other privileged health information within the last 24 months, according to a Government Accountability Office (GAO) report.
Gramm-Leach-Bliley Act Headlines
Windows 7 Security and Compliance Organizations today are under increased pressure to secure their computers, protect their users' and customers' data, and comply with new regulations. Download this paper to learn how Dell computers running Microsoft Windows 7 can help you make your operations more secure and meet compliance requirements.
BRMS Demo: Test and simulate rules using WebSphere ILOG Business Rules Management System Learn how WebSphere ILOG Business Rules Management System (BRMS) allows organizations to easily adapt business rules while ensuring compliance with policy requirements and analyzing the business impact of changes against key performance indicators. You will see how the BRMS is used in the back office to create eligibility rules that will be used to automatically screen auto insurance applicants.
The state of privacy and data security compliance With new privacy and data security regulations increasing, organizations are asking questions. Do the new regulations help or hinder the ability to protect sensitive and confidential information? With these new regulations on the march, how can you remain competitive in the global marketplace? This report provides answers and examines how compliance efforts can impact a company's bottom line.
Harmonizing Controls to Reduce Your Cost of Compliance Mounting regulations across the globe have increased the cost and burden on organizations. The high cost is especially felt by organizations which must adhere to multiple requirements - 75 percent of organizations must comply with two or more regulations and corresponding audits and more than 40 percent must comply with three or more regulations.
Audit preparation typically occurs in functional silos, with different project teams focused on addressing an individual compliance initiative, resulting in significant operational inefficiencies and higher costs to demonstrate compliance.
This webinar examines the Unified Compliance Framework and how it can be leveraged to harmonize controls across multiple regulations such as PCI, SOX, HIPAA, NERC and many others. Learn how to eliminate overlapping control requirements and ensure a more efficient and less costly approach to compliance.
Endpoint Security Considerations for Achieving GLBA Compliance Rebooting the global financial system may take years. The international move to new regulatory organizations will require financial institutions to change the way they do business. No one knows exactly how the system will change yet, but one thing is certain: financial institutions will be required to protect the security and confidentiality of customer information. The Gramm-Leach-Bliley Act (GLBA) of 1999 (P.L. 106-102) defines guidelines and standards for safeguarding customer information. These rules apply to all financial institutions doing business in the U.S. New laws and financial regulations for the coming reboot may change GLBA, but increasing threats to customer data will only guarantee tighter security requirements.
Basel II Compliance With Tripwire: Configuration Control for Virtual and Physical Infrastructures As if financial institutions did not have enough compliance worries, a new international standard - Basel II - now looms on the compliance horizon. Unlike other laws and standards affecting financial institutions in the US and overseas such as the Gramm-Leach-Bliley Act ("GLBA"), the EU Data Protection Directive and the PCI Data Security Standard, however, the ramifications of this framework extend beyond protection of electronic consumer data. Instead, Basel II focuses on the institution's core functions of evaluating, planning for, and disclosing financial risk.
Achieving Federal Desktop Core Configuration Compliance (FDCC) with Lumension® Solutions The Federal Desktop Core Configuration (FDCC) is an Office of Management and Budget (OMB) mandated security configuration set applicable within United States Federal Government agencies. Private enterprises may also choose to utilize this established framework as a foundation for their own security configuration baselines. All federal agencies that utilize or plan an upgrade to either Windows XP or Vista must report compliance, with FDCC reporting requirements dictated by the standard FISMA reporting guidance. The FDCC specific configuration requirements are generally based on the "Principle of Least Privilege" restricting user and machine rights. This whitepaper examines the FDCC requirements, the compliance challenges including vulnerability management, change control, and system security management and also highlights how Lumension's SCAP Validated FDCC scanner is integrated with a complete vulnerability management solution to effectively enable compliance with these standards.
Improve Performance, Reduce Data Growth Costs - Archiving ERP Applications View this Webcast to find out from the experts how effective application archiving can help you effectively manage your production database, control data growth, and ultimately improve your bottom line. You'll learn to:
Improve performance of the production environment
Archive or purge inactive transactional data automatically to an online database or offline flat file
Maintain complete application integrity
Comply with data retention regulations
Reduce application storage footprint
Enable accessibility to archived data
Further your bottom-line savings with application retirement
Developing a Sustainable IT Compliance Program Today's IT compliance environment is becoming increasingly complex, driven by pressures in both the legislative environment and in technology itself. The legislative environment around IT is extremely complicated and changing rapidly. Companies must now respond to legislation at the state, national, and international levels — environments which are complex and often contradictory. At the same time, the legal penalties for non-compliance and data breaches are skyrocketing. New technology trends are simultaneously increasing the complexity of the computing environment, making compliance more difficult and issues more nebulous. Read this ExecBlueprint, featuring insights from three top compliance attorneys, to see why IT leaders must partner with their peers throughout the organization to create a complete compliance program that is robust and sensitive to the forces continually shaping the landscape.
Dynamic Warehousing for Banking Buyer's Guide: A comprehensive solution for leveraging data in today's financial industry Most organizations realize that the key to success lies in how well they manage data—and the banking industry is no exception. From customer statistics to strategic plans to employee communications, financial institutions are constantly juggling endless types of information. Not only does this data provide the basis for major corporate moves, it also impacts business on a more granular level by helping to maintain customer loyalty and improve staff productivity. Simply put, a bank's information is its lifeline. That's why it's critical for financial institutions to be able to access relevant data when it's needed most.
Privilege Access Control For Compliance with Gramm-Leach-Bliley Act (GLBA) Symark PowerBroker enables IT compliance with the Gramm-Leach-Bliley Act protecting consumers' non-public personal information on UNIX & Linux systems. Gartner's paper on the importance of controlling UNIX superuser privileges is reviewed to explain the security gap between UNIX operating system design and GLBA compliance. PowerBroker bridges that gap--securing private consumer information through privilege delegation, encryption, and accountability.
Passing Compliance Audits in Heterogeneous UNIX/Linux Datacenters The all-or-nothing root model of native UNIX/Linux operating systems makes it hard for them to pass today's compliance audits. Sharing access to privileged accounts, combined with the absence of least-privilege access control, makes individual accountability a near impossibility. Symark Software's PowerBroker enables IT departments to bring these systems into compliance with multiple mandates such as PCI DSS, SOX, HIPAA and GLBA. PowerBroker creates RBAC-like access control that simplifies and lowers the cost of security administration across heterogeneous platforms.
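An added example (not Symark's code), written in Python against a constructed sudoers file, showing the checks an auditor actually runs on native UNIX/Linux privilege delegation: blanket `ALL` grants, `NOPASSWD` layered on top of them, delegated commands that are really shell escapes, and the absence of session recording (`log_output`). The parser is deliberately simplified and is assumed not to expand aliases or `#include` directives, so treat it as a first pass over collected sudoers files, not as a substitute for `sudo -l` on each host.

```python
import re

# Programs that hand the caller a shell or a shell escape; delegating any of
# them is equivalent to delegating ALL. Extend to taste.
SHELL_ESCAPES = {
    "/bin/sh", "/bin/bash", "/bin/zsh", "/usr/bin/su", "/usr/bin/sudo",
    "/usr/bin/vi", "/usr/bin/vim", "/usr/bin/less", "/usr/bin/more",
    "/usr/bin/find", "/usr/bin/python3", "/usr/bin/perl",
}

# user  host=(runas) TAG: cmd, cmd    (aliases and #include are not expanded)
USER_SPEC = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>\S+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<tags>(?:[A-Z_]+:\s*)*)"
    r"(?P<cmds>.+)$"
)

# Constructed sample policy, not any real host's sudoers.
SAMPLE_SUDOERS = """\
Defaults    env_reset
root        ALL=(ALL:ALL) ALL
%wheel      ALL=(ALL) ALL
%dba        ALL=(oracle) NOPASSWD: ALL
deploy      ALL=(root) NOPASSWD: /usr/bin/systemctl restart app.service, /usr/bin/journalctl -u app.service
backupsvc   ALL=(root) /usr/bin/rsync, /bin/bash
auditor     ALL=(root) /usr/bin/cat /var/log/secure
"""


def parse(text):
    """Return (Defaults lines, list of user-spec dicts) from sudoers text."""
    defaults, specs = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drops comments (and #include)
        if not line:
            continue
        first = line.split()[0]
        if first.startswith("Defaults"):
            defaults.append(line)
        elif first.endswith("_Alias"):
            continue                           # alias definitions not expanded
        else:
            m = USER_SPEC.match(line)
            if m:
                specs.append(m.groupdict())
    return defaults, specs


def audit_sudoers(text):
    """Return (principal, severity, reason) findings for grants that defeat
    least privilege or accountability."""
    defaults, specs = parse(text)
    findings = []
    if not any("log_output" in d for d in defaults):
        findings.append(("Defaults", "medium",
                         "no log_output: privileged sessions are not recorded"))
    for s in specs:
        if s["user"] == "root":
            continue                           # root's own entry is expected
        runas = s["runas"] or "root"
        tags = {t.rstrip(":") for t in s["tags"].split()}
        cmds = [c.strip() for c in s["cmds"].split(",")]
        if "ALL" in cmds:
            reason = f"unrestricted: any command as {runas}"
            if "NOPASSWD" in tags:
                reason += " without a password"
            findings.append((s["user"], "high", reason))
            continue
        for cmd in cmds:
            prog = cmd.split()[0]
            if prog in SHELL_ESCAPES:
                findings.append((s["user"], "high",
                                 f"shell escape via {prog}: equivalent to ALL as {runas}"))
    return findings


if __name__ == "__main__":
    for who, sev, why in audit_sudoers(SAMPLE_SUDOERS):
        print(f"{sev:<6} {who:<10} {why}")
```

On the sample, the scoped `deploy` and `auditor` grants pass, while `%wheel`, `%dba` and the `/bin/bash` entry for `backupsvc` are flagged as equivalent to handing out root; the missing `log_output` default is the accountability gap that the PowerBroker blurb above refers to.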
Getting in Compliance with Government Data Regulations by Leveraging Online Security Technology Concerned your site is not in compliance with serious data regulations? Be sure to stay on top of regulations such as PCI, HIPAA, Sarbanes-Oxley, FISMA and others which help keep your customers safe. Learn about these regulations and how to comply with them when you read this free white paper, "Getting in Compliance With Government Data Regulations By Leveraging Online Security Technology."
iSeminar: Meeting the Challenges of Compliance This Internet seminar explores the compliance issues facing midsize organizations and how Oracle solutions can resolve them affordably and efficiently.
Identity Management for Midsize Businesses: Reducing Costs, Securing Data and Ensuring Compliance This whitepaper highlights the unique needs of midsize businesses and explores the factors driving them toward stronger identity management platforms, such as Oracle Identity Management.
Sarbanes-Oxley Headlines
Business Intelligence for IT: If you could measure anything ...What would you measure? The CIO has a tough problem. The leading companies in the industry are innovating through technology because more and more IT is the key strategic differentiator. But IT isn't understood or fully trusted by the business. IT doesn't have equal standing in strategy discussions because IT is not seen as delivering value and isn't accountable like the business is. So IT's voice may not be heard. Is it possible that a critical strategic direction will fail because of this?
You can easily see the power of poor IT business intelligence by noting the CIO's continual challenge not just to prove the value of IT, but even more basically, to justify the IT budget. Proving the value of IT and demonstrating IT's strategic alignment with the business have made the list of top ten challenges for CIOs for more than a decade.
Christiana Care Health System - Healthcare IT department develops project leaders through e-learning Christiana Care's IT department supports various projects throughout the health system that often require specialized training or expertise in particular IT areas, as well as project management skills. Following a recent reorganization and re-evaluation of job roles, the IT department needed to find a way to train existing staff quickly and cost-effectively to support various information technology needs throughout the organization.
Discover and visualize your dynamic IT Infrastructure Solution Brief IBM Tivoli Application Dependency Discovery Manager supports the alignment of IT and business with robust and automated application mapping and discovery that helps organizations understand the impact of change and meet compliance needs with detailed reporting and auditing.
HP CloudSystem Matrix: Managing at a Higher Level As IT's economic and social importance ratchets up every year, so do the scale points and service levels required. We have to keep raising the bar. One of the key problems over the years is that manageability has been thought of, designed, and acquired as an add-on. We buy and deploy tools to monitor and coordinate. But they're installed after the fact, rather than "part of the system." We must move to a higher level of management, one focused on business applications and delivered service levels, and on the processes that IT and business users participate in. HP's CloudSystem is a coordinated system for setting up pools of modular resources and flexibly deploying IT services across those pools.
Should you invest in GRC Tools? An organization's GRC strategy is only as good as the tools used to implement it. Home-grown GRC tools, perceived by many as a quick fix for complex compliance requirements, often fail to scale and perform miserably, leaving organizations on the brink of non-compliance.
This paper takes a detailed look at how automated GRC solutions can not only help organizations in staying on top of rules and regulations, but also standardize and align business processes, enable effective risk management, and bring transparency in operations apart from reducing management overhead.
It also builds a strong case for CIOs, CTOs, and GRC implementation teams to invest in IT GRC tools as a means for adding significant business value and gaining competitive advantage.
Managed data backup using cloud-based solutions: Help protect your data with a cost-effective, managed backup solution How does your organization manage and protect mission critical data? This can be a challenge when faced with rapid information growth and potential outages. This data sheet discusses how IBM can help you protect data, reduce costs and meet compliance requirements with a managed, scalable and cost-effective data center environment that enables business resiliency and continuous availability.
Seattle Children's Hospital Implements Desktop Virtualization View this webinar to learn how Seattle Children's Hospital was able to successfully deal with compliance issues, security requirements, budget constraints and more, all while ensuring a high quality user experience with Citrix XenDesktop and Wyse Xenith.
Non-Compliance Costs: Should Your Organization Invest in GRC Tools? Compliance regulations are increasing in quantity and complexity. Many organizations are staying on top of compliance requirements by leveraging an integrated governance, risk and compliance (GRC) framework. Although GRC best practices are being adopted by many as the solution to non-compliance, how do you decide whether your organization needs a GRC tool? How do you make a convincing presentation to management that GRC tools are not only affordable, but can actually reduce the likelihood and impact of incidents enough to justify their costs? Watch this webinar to learn more.
Top Requirements for Successfully Automating SOX Quarterly Self-Assessments For many organizations, Sarbanes-Oxley compliance is mandatory, but automation of the self-assessment process can make it less painful. There are many advantages to using an IT GRC tool to automate assessments, such as speed, efficiency, data integrity, and improved analysis. Watch the webinar to learn more.
10 Best Practices for Archiving Every company—whether large or small, public or private—better have strong email and data retention policies in place. Why? Compliance issues, litigation readiness—we're talking legal ramifications here.
In this Quest white paper, see why email archiving isn't just a luxury—it's a necessity. You'll learn the 10 best practices to plan, evaluate, and implement an archiving solution to manage your email for compliance and litigation.
Virtualization Infrastructure Optimization Reference Guide IT leaders are on a continuous quest for a more efficient, flexible and better-performing infrastructure that supports the mission requirements of their businesses. To meet these goals, they're turning to virtualization and infrastructure optimization tools that help make the most of existing hardware and software investments and reduce the administrative demands placed on overextended IT staffers.
At CDW, we're committed to getting you everything you need to make the right purchasing decisions--from products and services to information about the latest technology. Our Reference Guides are designed to provide you with an in-depth look at the topics that relate directly to the IT challenges you face.
Regulatory Compliance and Least Privilege Security This whitepaper covers least privilege security, in particular its impact on regulatory compliance. Microsoft's efforts to reduce the reliance on administrative privileges and improve application compatibility with standard user accounts with User Account Control has been successful, but pain points still persist for organizations looking to remain flexible and secure.
Solutions Brief Oracle Fusion Governance, Risk, and Compliance: The New Standard for Risk Management and Compliance Oracle Fusion Governance, Risk, and Compliance is a modular suite of applications designed to work as a complete enterprise governance, risk, and compliance solution or as modular extensions to your existing risk management and compliance applications portfolio.
2010 IBM Global IT Risk Study With IT playing an increasingly critical role in today's 24x7, interconnected world and with government and industry oversight increasing, the IT risks that CIOs and IT leaders manage are becoming more and more complex. IBM surveyed IT leaders in order to better understand the areas that they are focusing on today, and where they see opportunities and challenges in the short term. Read the report to learn about the funding challenges IT leaders face and how they are addressing risk in the short term.
Risk Maturity Assessment Measures maturity level in three key disciplines of risk management: Effective risk governance, Solid IT foundation. Provides graphic display of assessment results (online version) or a numerical score (paper version). Compares client results to benchmarks from a survey of 258 business and IT executives.
Regulatory Compliance Headlines
Secure, affordable and easy-to-administer healthcare networks (Resource Center) HP enables healthcare organizations to expand services, while increasing data protection and decreasing costs by providing an alternative to low-performance, multi-tiered network designs that are built on legacy platforms and hampered by high cost and complexity. The HP Intelligent Resilient Framework (IRF) technology enables flatter network designs and easier-to manage infrastructure. It helps large healthcare organizations create a virtual switching fabric that delivers geographic independence, distributed high availability, resiliency, and millisecond re-convergence across Layer 2 and 3 protocols.
Securing ePHI With Effective Database Activity Monitoring As the presenters of this webcast explain, electronic protected health information (ePHI) can be widely distributed across multiple databases within a provider's IT infrastructure. Monitoring and logging all database activity to ensure that sensitive data is being accessed appropriately, and by the right people, is critical to preventing costly and embarrassing data breaches and to meeting HIPAA/HITECH compliance requirements.
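As an added example of the monitoring the webcast describes (not the presenters' material), this Python snippet applies four detection rules to a constructed database audit export: access to ePHI tables by a role with no treatment need, bulk reads, after-hours access by a human account, and connections from outside the clinical network. The CSV layout (timestamp, database user, application role, client address, statement type, table, row count), the table names, the role lists, the thresholds and the 10.0.0.0/8 network are assumptions for the illustration; a real deployment takes them from the DAM product's schema and the provider's access policy.

```python
import csv
import io
import ipaddress
from datetime import datetime

EPHI_TABLES = {"patients", "encounters", "lab_results"}   # assumed schema
TREATMENT_ROLES = {"clinician", "nurse", "emr_service"}   # roles with a need to read ePHI
SERVICE_ROLES = {"emr_service"}                           # allowed around the clock
BULK_ROWS = 500                                            # rows per statement before we call it bulk
INTERNAL = ipaddress.ip_network("10.0.0.0/8")              # assumed clinical network
BUSINESS_HOURS = range(7, 19)

# Constructed audit export; not real data.
SAMPLE_AUDIT = """\
ts,db_user,role,client_ip,statement,table,rows
2024-03-04T09:12:01,emr_app,emr_service,10.0.5.12,SELECT,patients,1
2024-03-04T09:13:44,jdoe,clinician,10.0.8.31,SELECT,lab_results,12
2024-03-04T11:02:10,bsmith,billing,10.0.9.77,SELECT,encounters,3
2024-03-04T23:41:05,mkhan,dba,10.0.2.2,SELECT,patients,18000
2024-03-05T02:15:30,jdoe,clinician,203.0.113.9,SELECT,patients,640
2024-03-05T10:20:00,emr_app,emr_service,10.0.5.12,UPDATE,encounters,1
2024-03-05T10:21:00,mkhan,dba,10.0.2.2,SELECT,pg_stat_activity,40
"""


def detect(audit_csv: str):
    """Return (record number, rule, detail) alerts for ePHI access that
    violates role, volume, time-of-day or network expectations."""
    alerts = []
    for n, row in enumerate(csv.DictReader(io.StringIO(audit_csv)), start=1):
        if row["table"] not in EPHI_TABLES:
            continue                      # only ePHI tables are in scope
        who = f"{row['db_user']}({row['role']})"
        ts = datetime.fromisoformat(row["ts"])
        rows = int(row["rows"])

        if row["role"] not in TREATMENT_ROLES:
            alerts.append((n, "role_not_permitted",
                           f"{who} accessed {row['table']}"))
        if row["statement"] == "SELECT" and rows >= BULK_ROWS:
            alerts.append((n, "bulk_read",
                           f"{who} pulled {rows} rows from {row['table']}"))
        if row["role"] not in SERVICE_ROLES and ts.hour not in BUSINESS_HOURS:
            alerts.append((n, "after_hours",
                           f"{who} touched {row['table']} at {ts:%H:%M}"))
        if ipaddress.ip_address(row["client_ip"]) not in INTERNAL:
            alerts.append((n, "external_client",
                           f"{who} connected from {row['client_ip']}"))
    return alerts


if __name__ == "__main__":
    for rec, rule, detail in detect(SAMPLE_AUDIT):
        print(f"record {rec:>2}  {rule:<18} {detail}")
```

The DBA pulling 18,000 patient rows at 23:41 trips three rules at once, which is the pattern worth paging on; the single after-hours login from a clinician would normally be triaged against the on-call roster before it is escalated. The point of keeping every rule's evidence in the alert detail is that the HIPAA/HITECH investigation later needs who, what table, how much, when and from where, not just "anomaly".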
HIPAA: Healthcare Transformation to Electronic Communications This white paper provides a brief overview of HIPAA regulations and how healthcare organizations are using technology to assist with compliance. It discusses network faxing, explores some of the advantages of implementing a network fax solution to support HIPAA compliance initiatives, and introduces Open Text Fax Server, RightFax Edition as a flexible tool for improving the security and overall efficiency of document transmission processes.
Wireless Solutions in Healthcare Solution Brief Many healthcare organizations have a vast array of devices that may require network connectivity. Some may be dated and involve legacy technology. HP Networking solutions can help healthcare organizations retain these legacy devices and update their existing network with scalable, resilient and redundant wireless technology as communication needs grow. HP mobility solutions deliver flexible choices that scale with business needs. HP Networking offers a broad portfolio of wireless solutions designed to provide healthcare organizations with high quality choices to meet all their mobility needs.
Blue Cross Blue Shield of Tennessee Auto-Encrypts Patient Data Blue Cross Blue Shield of Tennessee (BCBST) serves more than two million people across Tennessee with health plan coverage and insurance products, and has more than five million customers nationwide. To ensure compliance with HIPAA, BCBST needed to protect patient data against unauthorized access - even where disks, laptops and USB keys are taken off site. To extend data protection across all devices and to keep the administrative burden to a minimum, BCBST deployed IBM Tivoli Key Lifecycle Manager software to manage all encryption keys. BCBST has transformed its enterprise data encryption standards, and is in the process of completing operating system encryption for more than 1,000 servers, in addition to enforcing encryption on countless removable media devices and remote systems, such as USB sticks, CD/DVD drives, BlackBerrys and iPads.
Business Analytics and the Path to Better Decisions in Healthcare This white paper considers the use of analytics and business intelligence for improving decision making in healthcare and the benefits of prebuilt analytic applications for achieving this objective across many functions of a healthcare organization.
Your Prescription for a Robust Healthcare IT Disaster Recovery Plan All too often, organizations experience events that cause devastating compromises to their operations. No organization hopes for a disaster, but the need for a disaster recovery plan remains real and unavoidable. A quick and effective response can make the difference between an incident and a catastrophe, and while disaster recovery planning is essential for all industries, it is critical in the healthcare field. The Health Insurance Portability and Accountability Act (HIPAA) requires that all healthcare provider organizations plan for contingencies and outages. This paper explores the disaster recovery planning process in the healthcare setting.
SEC Rule 17a-4
Compliance: SEC 17a-4/NASD 3010/3110 In the wake of the 1929 stock market crash and the uncovering of widespread securities fraud, the U.S. Congress enacted the Securities Exchange Act of 1934. The Act seeks to protect investors from fraudulent or misleading claims in the securities industry and requires extensive record keeping, review and auditing by independent auditors, and administration of financial transaction records. Rule 17a-4, issued under the Act, sets the retention periods and storage requirements for broker-dealer records, including, for electronic records, controls that prevent a record from being altered or erased during its retention period. NASD 3010/3110 are part of the comprehensive rules enacted and enforced by the National Association of Securities Dealers on behalf of its more than 5,000 member broker-dealer firms. NASD's regulatory functions have since been consolidated into FINRA, which has reissued these rules under its own numbering, so check the current FINRA rulebook rather than relying on the NASD rule numbers.
The Case for Document Management Are you asking how to avoid court-imposed sanctions? Are you wondering how to keep the escalating costs of electronic and paper discovery to a minimum?
Whether the objective is to handle litigation or to deliver new contracts or projects, companies today need solutions that promote teamwork. However, common bottlenecks prevent many organizations from achieving their peak performance:
Risk imposed by compliance regulations and corporate guidelines
Quality problems and delivery delays caused by inefficient processes
Lack of coordination between external partners, vendors, parties and clients
Difficulties in capturing, finding, and leveraging organizational knowledge
The ViewWise Document Management Solution can help your organization address compliance and eDiscovery efforts. Computhink's ViewWise was created to assist organizations by helping eliminate the content burden that surrounds most offices today.
ViewWise does this by helping organizations with access, archiving, storage, security, workflow and tracking of Electronic Content, while providing simple options for scanning, integrating, importing, and classifying.
Getting ahead of security issues, compliance regulations and IT processes It can be difficult to ensure the confidentiality and integrity of your critical data with customers demanding 24/7 secure access to their data and regulators applying pressure on your business. In this Risk, Compliance and Security e-Kit for Financial Institutions, you'll learn about IBM security solutions that proactively protect against worms, viruses and other threats.
There is a Tower Group white paper on the need for stronger consumer banking authentication, a study about innovative solutions for identifying, measuring, and optimizing operational risks and an ISS case study about staying on top of new vulnerabilities. Plus, six other reports on preventive solutions to security.
Data Quality, Compliance, and Risk for Financial Institutions Poor data quality is endemic in most financial institutions, with risk managers frequently citing a lack of clean, high-quality data as the biggest inhibitor to achieving their risk management and regulatory compliance objectives.
To combat the problem, Informatica offers data quality scorecarding capabilities -- a metrics-driven approach to measuring, tracking, and reporting on data quality defects. Read this informative white paper to learn more about it.
An Integrated Approach to Managing Governance, Risk, and Compliance Given today's highly regulated environment, how can you control risk, drive performance, and inspire greater stakeholder confidence? To address these requirements, forward-thinking organizations are moving toward an integrated program of governance, risk, and compliance (GRC) management.
Download this SAP white paper to learn about a GRC approach that can help you confidently address all regulatory- and business-related risks while lowering your overall cost of compliance.
The State of the Art in Finance Benchmarking is an important tool that finance organizations use to stay competitive. It allows them to determine the value of adopting best practices and changing business processes. To assess the trends in the finance function and identify best practices, APQC (formerly known as The American Productivity and Quality Center) has evaluated the performance of over 130 finance organizations. The study included these key processes:
Financial strategy and planning
Internal controls
Treasury
Revenue accounting (order to cash)
General accounting
Fixed assets and project accounting
Accounts payable and expense reporting
Tax
Payroll
This SAP Insight report discusses the results of the APQC survey, as well as research performed by SAP, in light of the current state of the finance function in U.S. companies, the challenges to that function, and the road map to increasing its strategic capabilities.
Optimizing Your IT Controls Environment for Compliance with Multiple Regulations This IDC white paper focuses on the compelling need for today's businesses to understand how they can more efficiently manage multi-regulation compliance. It reviews certain regulations and how to track which pieces of what regulations are fulfilled when security solutions are deployed.
The paper:
Reviews a subset of regulatory legislation and industry standards
Illustrates common overlaps in certain regulations and standards
Offers a "best practice" option for tracking certain aspects of each regulation and ensuring each is covered by a corresponding technological solution
The small subset of regulations and standards covered in this white paper includes CobiT, HIPAA, ISO 17799:2005, ITIL, the PCI Data Security Standard, and Sarbanes-Oxley (SOX). They are the focus of IDC's research because they affect a large number of corporate entities and their customers. (Sponsored by Symantec)
IT Project and Portfolio Management and Application Life Cycle: Understanding the Market and Enabling IT/Business Coordination Today, Global 2000 organizations are striving to gain strategic advantage and efficiencies of scale through better governance and management of IT projects and programs. This executive level white paper from IDC offers in-depth analysis into the benefits of integrating Application Life-Cycle Management and IT Project Portfolio Management capabilities and processes to enable qualitative assessments about project/program success. This is a must read for IT leaders tackling the strategic and operational challenges of IT/business alignment, off-shoring, outsourcing and regulatory compliance.
Top 10 Reasons Why Online Backup is Replacing Tape Your most important asset - your corporate data - is far too valuable to entrust to cumbersome tape processes, unreliable backup media, and painstakingly slow recoveries. Small and medium-sized businesses (SMBs) are rapidly turning to online backup and recovery to displace older, manual, less reliable tape backup. In fact, a staggering 76.5% of IT professionals plan to change the way they do backup over the next 18 months.
Online backup promises to address the challenges posed by traditional tape backup solutions. This white paper explores why today's SMBs use online backup and recovery to protect their SQL database, Exchange, application and file servers. Learn the top ten reasons why SMBs are embracing online backup and recovery to protect server data including automatic, continuous data protection (CDP), secure offsite storage, and data encryption for reliable server backup and disaster recovery.
An Overview of HP RISS Download this informative report from the Taneja Group for an in-depth analysis of HP’s Reference Information Storage System (RISS). The report highlights the key benefits of RISS’s smart cell architecture and its approach to active archiving. Learn what key differentiators set the RISS solution apart from its competitors, and find out how RISS’s object model architecture inherently satisfies the most fundamental requirements for regulatory compliance.
Mainframe Webcast Updates - eTrust CA-Top Secret Security - What's New and What's Next Computer Associates (CA) is committed to ensuring that eTrust solutions are the most flexible, cost-effective z/OS security solutions on the market. This webcast will highlight how the eTrust solutions can assist in your organization's regulatory compliance efforts, including HIPAA, Sarbanes-Oxley, etc.
Data Governance: Regulatory Compliance and Business Continuity This paper examines the challenges associated with data assets, identifies and defines a few key regulations that are affecting organizations, and examines how a business focused approach and a flexible storage infrastructure can help organizations resolve data governance issues. A modern organization needs to guarantee the availability of its data and applications, the integrity of the data itself (or what good would the data be?), and its security, whether regulations demand compliance or not. Therefore, data governance is really about building compliance requirements and associated exposures into the continuity of business operations.
HIPAA
Secure, affordable and easy-to-administer healthcare networks (Resource Center) HP enables healthcare organizations to expand services, while increasing data protection and decreasing costs by providing an alternative to low-performance, multi-tiered network designs that are built on legacy platforms and hampered by high cost and complexity. The HP Intelligent Resilient Framework (IRF) technology enables flatter network designs and easier-to-manage infrastructure. It helps large healthcare organizations create a virtual switching fabric that delivers geographic independence, distributed high availability, resiliency, and millisecond re-convergence across Layer 2 and 3 protocols.
Securing ePHI With Effective Database Activity Monitoring In this webcast, the presenters explain how electronic patient health information can be widely distributed throughout multiple databases within a provider's IT infrastructure. Monitoring and logging all database activity to ensure that sensitive data is being accessed appropriately, and by the right people, is critical to preventing costly and embarrassing data breaches and meeting HIPAA/HITECH compliance requirements.
HIPAA: Healthcare Transformation to Electronic Communications This white paper provides a brief overview of HIPAA regulations and how healthcare organizations are using technology to assist with compliance. It discusses network faxing, explores some of the advantages of implementing a network fax solution to support HIPAA compliance initiatives, and introduces Open Text Fax Server, RightFax Edition as a flexible tool for improving the security and overall efficiency of document transmission processes.
Wireless Solutions in Healthcare Solution Brief Many healthcare organizations have a vast array of devices that may require network connectivity. Some may be dated and involve legacy technology. HP Networking solutions can help healthcare organizations retain these legacy devices and update their existing network with scalable, resilient and redundant wireless technology as communication needs grow. HP mobility solutions deliver flexible choices that scale with business needs. HP Networking offers a broad portfolio of wireless solutions designed to provide healthcare organizations with high quality choices to meet all their mobility needs.
Secure, Affordable and Easy-to-Administer Healthcare Networks Solution Brief HP enables healthcare organizations to expand services, while increasing data protection and decreasing costs by providing an alternative to low-performance, multi-tiered network designs that are built on legacy platforms and hampered by high cost and complexity. The HP Intelligent Resilient Framework (IRF) technology enables flatter network designs and easier-to-manage infrastructure. It helps large healthcare organizations create a virtual switching fabric that delivers geographic independence, distributed high availability, resiliency, and millisecond re-convergence across Layer 2 and 3 protocols.
Blue Cross Blue Shield of Tennessee Auto-Encrypts Patient Data Blue Cross Blue Shield of Tennessee (BCBST) serves more than two million people across Tennessee with health plan coverage and insurance products, and has more than five million customers nationwide. To ensure compliance with HIPAA, BCBST needed to protect patient data against unauthorized access - even where disks, laptops and USB keys are taken off site. To extend data protection across all devices and to keep the administrative burden to a minimum, BCBST deployed IBM Tivoli Key Lifecycle Manager software to manage all encryption keys. BCBST has transformed its enterprise data encryption standards, and is in the process of completing operating system encryption for more than 1,000 servers, in addition to enforcing encryption on countless removable media devices and remote systems, such as USB sticks, CD/DVD drives, Blackberrys and iPads.
Business Analytics and the Path to Better Decisions in Healthcare This white paper considers the use of analytics and business intelligence for improving decision making in healthcare and the benefits of prebuilt analytic applications for achieving this objective across many functions of a healthcare organization.
Your Prescription for a Robust Healthcare IT Disaster Recovery Plan All too often, organizations experience events that cause devastating compromises to their operations. No organization hopes for a disaster, but the need for a disaster recovery plan remains real and unavoidable. A quick and effective response can make the difference between an incident and a catastrophe, and while disaster recovery planning is essential for all industries, it is critical in the healthcare field. The Health Insurance Portability and Accountability Act (HIPAA) requires that all healthcare provider organizations plan for contingencies and outages. This paper explores the disaster recovery planning process in the healthcare setting.
Regulatory Compliance and Least Privilege Security This whitepaper covers least privilege security, in particular its impact on regulatory compliance. Microsoft's efforts to reduce the reliance on administrative privileges and improve application compatibility with standard user accounts with User Account Control has been successful, but pain points still persist for organizations looking to remain flexible and secure.
Joint Guidance on the Application of the Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to Student Health Records The purpose of this guidance is to explain the relationship between the Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule, and to address apparent confusion on the part of school administrators, health care professionals, and others as to how these two laws apply to records maintained on students. It also addresses certain disclosures that are allowed without consent or authorization under both laws, especially those related to health and safety emergency situations.
From Insider Abuse to Insider Accountability: Identity Analytics Discover Insider Threats Stricter enforcement of HIPAA privacy and security rules is creating an impetus for improved monitoring of insider privilege abuse. The traditional IT security focus on strong perimeter security, while assuming internal activity can be trusted, is no longer sufficient. There is a need for verification that user access and activity is necessary and appropriate to the user's job function and responsibilities, and no more. However, there is also a need to provide verification and reporting in a way that business managers and executives can quickly understand and that does not tax an already overworked IT staff.
Building Regulatory Compliant Storage Systems In the past decade, informational records have become entirely digital. These include financial statements, health care records, student records, private consumer information and other sensitive data. Because of the delicate nature of the data these records contain, Congress and the courts have begun to recognize the importance of properly storing and securing electronic records. Examples of legislation include the Health Insurance Portability and Accountability Act (HIPAA) of 1996, the Gramm-Leach-Bliley Act (GLBA) of 1999, and the more recent Federal Information Security Management Act (FISMA) and Sarbanes-Oxley Act (SOX) of 2002. Altogether, there exist over 4,000 acts and regulations that govern digital storage, all with a varying range of requirements for maintaining electronic records.
Organizational Power and Information Security Implementation The purpose of this paper is to show how the implementation of information systems security policies in an organization can be improved by applying a power exercise model. It argues that stakeholders' awareness of the power being exercised by the policy enforcers affects the success of the policy implementation. The model is developed by adapting, and extending, a power exercise framework presented by Markus and Bjørn-Andersen. The information systems security policy model is applied to the introduction of, and compliance with, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) at Health Co-Systems, a non-profit health care organization in a major United States city.
Healthcare Security Oversight for HIPAA Audit and Compliance Executives and IT professionals at healthcare organizations are facing an overwhelming flood of new responsibilities set by HIPAA, the Health Insurance Portability and Accountability Act. Because this act was meant to encourage the healthcare industry to simplify the administration of records processing through electronic data interchange, HIPAA also includes security requirements to protect the confidentiality, integrity and availability of electronic Patient Health Information (ePHI). The scope of the HIPAA Security Standard poses an operational dilemma. Compliance with the standard requires the use of many security technologies and best practices to demonstrate strong efforts towards complying with this federal regulation.
Wi-Fi, Healthcare & HIPAA: WLAN Management in the Modern Hospital The combination of HIPAA regulations and the critical nature of hospital applications has made wireless LAN management one of the top issues facing health care IT organizations. This paper looks at solutions specifically designed to meet these challenges, and provides technical teams with the best practices needed to stay in control of their networks today and into the future.