This library offers a collection of information and resources specifically focused on computer security, data destruction, document life-cycle solutions, compliance and password management. All resources are available to post and distribute on your website, forums, blogs and other compilations, with the strict stipulation that these works must be published in their entirety, with full credit and notice given to their origin and copyright. You may also link directly to these items. Please contact us if you have any questions regarding re-publication or distribution.

Our goal is to develop a comprehensive security portal. We welcome your suggestions and will work hard to include information you may require. This project is in constant development, and your suggestions for additional content are very much appreciated.

We invite relevant, on-topic submissions for inclusion. If you are interested in submitting papers, audiocasts or other media, please contact us. We will also consider the exchange of links as applicable.

Articles

Legal Requirements to Delete EU Personal Data by James M. Jordan
This paper, prepared by the former Chief Privacy Leader and Senior Counsel for E-Commerce & Information Technology of General Electric Company is required reading for those assigned the stewardship of European-based personal data and records.

Data Destruction and Document Life Cycle Policies:
Considerations for Compliance with Federal Mandates and Acts

A perspective on issues relating to electronic data retention and how it relates to compliance with federal and state regulations such as Sarbanes-Oxley (SOX), HIPAA, FACTA, Gramm-Leach-Bliley (GLBA) and others.

The Seven Sins of Degaussing
Degaussing a hard drive is a procedure that utilizes a machine to produce strong electromagnetic fields that destroy magnetic data on a disk. While many are initially impressed with the speed of this process, there are serious disadvantages to degaussing.

Security Issues with Decommissioning Magnetic Media
This document describes practical considerations of taking magnetic media out of useful service or transferring such media to other departments of an organization. After raising awareness of the security, business and legal concerns, the document evaluates different techniques so that the reader is able to assess his options. Finally, the cyberCide™ product is presented as a cost-effective solution to address these risks.

Legal and Regulatory Violations Caused by Not Destroying Data Before Discarding
A comprehensive chart referencing various types of data and the acts and regulations they are subject to. An essential resource for compliance.

Practical Uses of CyberScrub Technology to Ensure the Secure Deletion of Data
This paper touches briefly on the practical applications of deploying CyberScrub products and technology to 1) wipe free and slack space on hard drives and 2) effect the transparent secure erasure of selected files and folders through standard keyboard interaction.

Audiocasts/Podcasts

AUDIOCAST/PODCAST
Listen to this informative talk by noted attorney and Ziff Davis Security Virtual Tradeshow panelist Jon Neiditz. Topics include the implications of data destruction in reference to federal compliance acts and policies.

Government Reports

PRIVACY: Domestic and Offshore Outsourcing of Personal Information in Medicare, Medicaid, and TRICARE
An astounding number (more than 40 percent) of health insurance contractors and state Medicaid agencies experienced a breach of PHI and other privileged health information within the last 24 months, according to a new Government Accounting Office report.

Gramm-Leach-Bliley Act Headlines

LogRhythm and GLBA Compliance
The Gramm-Leach-Bliley Act (GLBA), also known as The Financial Modernization Act of 1999, was enacted to ensure protection of customers' records and information. Authorization to implement this act was given to The Federal Trade Commission (FTC), with the effective date for compliance set on May 23, 2003. GLBA consists of three primary parts: the Financial Privacy Rule, the Safeguards Rule, and the Pretexting provisions.

Harmonizing Controls to Reduce Your Cost of Compliance
Mounting regulations across the globe have increased the cost and burden on organizations. The high cost is especially felt by organizations that must adhere to multiple requirements: 75 percent of organizations must comply with two or more regulations and corresponding audits, and more than 40 percent must comply with three or more regulations. Audit preparation typically occurs in functional silos, with different project teams focused on addressing an individual compliance initiative, resulting in significant operational inefficiencies and higher costs to demonstrate compliance. This webinar examines the Unified Compliance Framework and how it can be leveraged to harmonize controls across multiple regulations such as PCI, SOX, HIPAA, NERC and many others. Learn how to eliminate overlapping control requirements and ensure a more efficient and less costly approach to compliance.

Endpoint Security Considerations for Achieving GLBA Compliance
Rebooting the global financial system may take years. The international move to new regulatory organizations will require financial institutions to change the way they do business. No one knows exactly how the system will change yet, but one thing is certain: financial institutions will be required to protect the security and confidentiality of customer information. The Gramm-Leach-Bliley Act (GLBA) of 1999 (P.L. 106-102) defines guidelines and standards for safeguarding customer information. These rules apply to all financial institutions doing business in the U.S. New laws and financial regulations for the coming reboot may change GLBA, but increasing threats to customer data will only guarantee tighter security requirements.

GLBA Compliance Requires That Leaks Be Sealed
Financial institutions must protect customer privacy and adhere to regulatory requirements. The Gramm-Leach-Bliley Act of 1999 (GLBA) restricts the sharing of private customer data; even the accidental loss of sensitive information can trigger profound consequences. Not just limited to banks, GLBA applies broadly to the financial community. It affects financial institutions such as non-bank mortgage lenders, insurance companies and investment advisors. In addition to formulating a privacy policy, financial institutions must implement "Administrative, technical and physical safeguards", according to the Federal Trade Commission.

Pkware Case Study: Financial Services Provider #9
The client is one of the 10 largest banks in the United States, operating thousands of branch locations, home mortgage stores, and other offices. A specific division of the bank operates as a full-service financial institution that serves automobile companies and new car dealers, handling financing, retail loans, leasing programs, and customer credit applications. The challenge was GLBA compliance and enforcing strong security quickly, easily, and cost-effectively. It deployed SecureZIP for Windows desktop.

Basel II Compliance With Tripwire: Configuration Control for Virtual and Physical Infrastructures
As if financial institutions did not have enough compliance worries, a new international standard - Basel II - now looms on the compliance horizon. Unlike other laws and standards affecting financial institutions in the US and overseas such as the Gramm-Leach-Bliley Act ("GLBA"), the EU Data Protection Directive and the PCI Data Security Standard, however, the ramifications of this law extend beyond protection of electronic consumer data. Instead, Basel II focuses on the institution's core functions of evaluating, planning for, and disclosing financial risk.

Achieving Federal Desktop Core Configuration Compliance (FDCC) with Lumension® Solutions
The Federal Desktop Core Configuration (FDCC) is an Office of Management and Budget (OMB) mandated security configuration set applicable within United States Federal Government agencies. Private enterprises may also choose to utilize this established framework as a foundation for their own security configuration baselines. All federal agencies that utilize or plan an upgrade to either Windows XP or Vista must report compliance, with FDCC reporting requirements dictated by the standard FISMA reporting guidance. The FDCC specific configuration requirements are generally based on the "Principle of Least Privilege" restricting user and machine rights. This whitepaper examines the FDCC requirements, the compliance challenges including vulnerability management, change control, and system security management and also highlights how Lumension's SCAP Validated FDCC scanner is integrated with a complete vulnerability management solution to effectively enable compliance with these standards.

Improve Performance, Reduce Data Growth Costs - Archiving ERP Applications
View this Webcast to find out from the experts how effective application archiving can help you effectively manage your production database, control data growth, and ultimately improve your bottom line. You'll learn to:
- Improve performance of the production environment
- Archive or purge inactive transactional data automatically to an online database or offline flat file
- Maintain complete application integrity
- Comply with data retention regulations
- Reduce application storage footprint
- Enable accessibility to archived data
- Further your bottom-line savings with application retirement

Developing a Sustainable IT Compliance Program
Today's IT compliance environment is becoming increasingly complex, driven by pressures in both the legislative environment and in technology itself. The legislative environment around IT is extremely complicated and changing rapidly. Companies must now respond to legislation at the state, national, and international levels, environments which are complex and often contradictory. At the same time, the legal penalties for non-compliance and data breaches are skyrocketing. New technology trends are simultaneously increasing the complexity of the computing environment, making compliance more difficult and issues more nebulous. Read this ExecBlueprint, featuring insights from three top compliance attorneys, to see why IT leaders must partner with their peers throughout the organization to create a complete compliance program that is robust and sensitive to the forces continually shaping the landscape.

Dynamic Warehousing for Banking Buyer's Guide: A comprehensive solution for leveraging data in today's financial industry
Most organizations realize that the key to success lies in how well they manage data—and the banking industry is no exception. From customer statistics to strategic plans to employee communications, financial institutions are constantly juggling endless types of information. Not only does this data provide the basis for major corporate moves, it also impacts business on a more granular level by helping to maintain customer loyalty and improve staff productivity. Simply put, a bank's information is its lifeline. That's why it's critical for financial institutions to be able to access relevant data when it's needed most.

Privilege Access Control For Compliance with Gramm-Leach-Bliley Act (GLBA)
Symark PowerBroker enables IT compliance with the Gramm-Leach-Bliley Act protecting consumers' non-public personal information on UNIX & Linux systems. Gartner's paper on the importance of controlling UNIX superuser privileges is reviewed to explain the security gap between UNIX operating system design and GLBA compliance. PowerBroker bridges that gap--securing private consumer information through privilege delegation, encryption, and accountability.

Passing Compliance Audits in Heterogeneous UNIX/Linux Datacenters
Lack of access controls in native UNIX/Linux operating systems prevents them from passing today's compliance audits. Security issues surrounding the practice of sharing access to privileged accounts and the absence of least-privilege access control make accountability a near impossibility. Symark Software's PowerBroker enables IT departments to bring these systems into compliance with multiple mandates such as PCI DSS, SOX, HIPAA and GLBA. PowerBroker creates RBAC-like access control that simplifies and lowers the cost of security administration across heterogeneous platforms.

Getting in Compliance with Government Data Regulations by Leveraging Online Security Technology
Concerned your site is not in compliance with serious data regulations? Be sure to stay on top of regulations such as PCI, HIPAA, Sarbanes-Oxley, FISMA and others which help keep your customers safe. Learn about these regulations and how to comply with them when you read this free white paper, "Getting in Compliance With Government Data Regulations By Leveraging Online Security Technology."

iSeminar: Meeting the Challenges of Compliance
This Internet seminar explores the compliance issues facing midsize organizations and how Oracle solutions can resolve them affordably and efficiently.

Identity Management for Midsize Businesses: Reducing Costs, Securing Data and Ensuring Compliance
This whitepaper highlights the unique needs of midsize businesses and explores the factors driving them toward stronger identity management platforms, such as Oracle Identity Management.

Sarbanes-Oxley Headlines

LogRhythm and SOX Compliance
The Public Company Accounting Reform and Investor Protection Act was enacted in 2002 in response to questionable accounting practices at major corporations. This act is also known as the Sarbanes-Oxley Act (SOX), named after the congressional representatives who introduced the law. SOX requires that all publicly traded companies implement and affirm a framework of internal controls to support accountability and integrity of the financial reporting process. Executive management and all key financial reporting processes, which include the IT environment, are subject to SOX compliance requirements. Non-compliance may result in financial penalties, potential jail or prison sentences, and possibly the forfeiture of any bonuses or incentives for senior management.

SOX and Its Effects on IT Security Governance
The Sarbanes-Oxley (SOX) Act is a United States federal law enacted on July 30, 2002 in response to a number of major corporate and accounting scandals including those affecting Enron, Tyco International, Adelphia, Peregrine Systems and WorldCom. This paper discusses the effects of Sarbanes-Oxley (SOX) Act on corporate information security governance practices.

Keys to Aligning Security and Compliance - How to Connect the Dots
The pressure is on as organizations today face mounting demands to maintain an enterprise-wide security posture while adhering to the growing number of compliance regulations. Without the right processes and tools to effectively navigate through the security and compliance maze, IT professionals often resort to manually poring through spreadsheets and pulling together all of the necessary data and proof points to pass their audit and check the compliance box. But it doesn't have to be this painful with today's innovations in compliance and IT risk management. By aligning and connecting the dots across security and compliance, organizations can create business value as policies and procedures can be formalized and security of data and other assets preserved. In this webcast, Nigel Stanley, analyst with Bloor Research, and Alan Bentley, VP of Lumension, examine:
- The types of risks introduced by poor compliance and security failures
- The impact to an organization's brand and reputation as well as the costs to the bottom line
- Practical steps organizations should take to align security and compliance initiatives

Consistently Enforcing Application Controls
Entergy Corporation is an integrated energy company engaged primarily in electric power production and retail distribution operations. They needed assistance in identifying and correcting vulnerabilities and risks associated with their SAP R/3 IS-Utilities and CCS (Customer Care System). These vulnerabilities and risks primarily consisted of audit issues and segregation of duty concerns and needed to be addressed immediately to satisfy Entergy's internal and external auditors. The Entergy team, including SAP security consultants and business process owners, first conducted an assessment of their current application environment in conjunction with specialists from FoxT's Application Controls group. The team evaluated access levels and controls to business information in the SAP systems. Special attention was given to Sarbanes-Oxley compliance requirements.

Reebok Automates Enforcement of Segregation of Duties
The need to simplify Sarbanes-Oxley review processes and create sustainable compliance controls led the leading sportswear manufacturer to implement FoxT Application Controls. Using FoxT, they are enforcing Segregation of Duties across their SAP landscape in real time, while automating tedious security administration tasks. In addition to offering the most comprehensive suite of application control and security administration capabilities, the footwear manufacturer also liked the fact that the FoxT product worked seamlessly across all of their SAP systems. They also found that the FoxT team was the most knowledgeable about SAP security and truly understood their environment.

HealthSouth Corporation Strengthens Financial Visibility and Accelerates Monthly Closing
HealthSouth Corporation wanted to improve companywide visibility of financial data as part of HealthSouth's reorganization and relisting to the stock market and automate financial, budgeting, and human resources processes. The challenge was to accelerate monthly reporting, annual budgeting and planning and consolidate reporting by combining data and information from patient billing systems, financial systems, and human resources. HealthSouth Corporation upgraded to a single global instance of Oracle's PeopleSoft Enterprise Financial Management Suite 9.0 to expand visibility into the company's financial position, ensure Sarbanes-Oxley compliance, and facilitate stock exchange relisting.

How Varonis Can Help With Efforts Toward Sarbanes-Oxley Compliance
This paper provides a brief overview of the Sarbanes-Oxley Act (Sections 302 and 404), the impact of SOX on IT departments, and the Varonis Data Governance solution for critical portions of the Sarbanes-Oxley Act of 2002. The Sarbanes-Oxley Act of 2002, also known as the Public Company Accounting Reform and Investor Protection Act of 2002 and commonly called "SOX" or "Sarbox", is a United States federal law enacted on July 30, 2002 in response to a number of major corporate and accounting scandals.

Guide to Controlling Delegation of Privileged Root Accounts
Admittedly, the comparison may be somewhat exaggerated, but controlling super user and other administrative privileges is critical to most organizations. While in the past controlling privileged accounts may simply have made good business sense, today it is mandated by regulations such as Sarbanes-Oxley (SOX) Section 404. For a SOX audit, it is no longer sufficient to say one trusts administrators; one must have controls in place to convince auditors that no administrator, trustworthy or not, is able to abuse the authority granted.

Using Skybox Solutions to Achieve SOX Compliance: Demonstrate Compliance While Improving Your IT Security Posture by Mapping to COBIT 4.0 Controls
This paper provides background on SOX requirements and the challenges of the COBIT framework. It illustrates how Skybox's solutions can help organizations achieve cost-effective SOX compliance as related to critical control objectives in the areas of Risk Assessment, Risk Management, Change Impact Analysis, Network Policy Compliance, and Network Security Management, as well as IT Governance and Monitoring.

Using Qualysguard to Meet Sox Compliance & IT Control Objectives
The Sarbanes-Oxley Act of 2002 has fundamentally changed the business and regulatory landscape for all companies publicly traded in the US. SOX is intended to instill confidence back into the investor community after several corporate scandals resulted in the loss of billions of dollars in invested capital. SOX does this by increasing corporate governance requirements through measures that strengthen internal checks and balances and ultimately provide transparency as well as elevated corporate accountability. It is important to emphasize that Section 404 does not require senior management and business process owners merely to establish and maintain an adequate internal control structure, but also to assess its effectiveness on an annual basis.

A Risk-Based Approach to Segregation of Duties: An Executive Primer
Segregation of Duties (SoD) is a hot topic of conversation among a range of professionals, from compliance managers to executive-level officers. The outpouring of interest in SoD is due, in part, to the requirements of Sarbanes-Oxley (SOX) in the US and other similar control-driven regulations worldwide. However, there is another factor at work: the principle that no individual should have excessive system access that enables them to execute conflicting end-to-end transactions.

The Sarbanes-Oxley Act (SOX) and Application Security
The Sarbanes-Oxley Act (SOX) of 2002 has radically redesigned how public companies comply with federal regulations. Its extensive corporate governance requirements hold executives, auditors, securities analysts and legal counsel accountable for the integrity of financial reporting. Additionally, stiff penalties can be imposed on enterprises that do not comply with the tenets of the legislation. Application Security Inc's database security solutions, in use by more than 1,000 organizations worldwide, bolster SOX compliance efforts by grounding compliance where the data lives: in the database.

The Sarbanes-Oxley Act: Using Server Isolation and Encryption as an IT Compliance Best Practice
This paper addresses the challenges of IT compliance requirements driven by legislation such as the Sarbanes-Oxley Act of 2002 (SOX). It argues that the best response is a broad, risk-based approach that builds on a base of server isolation and encryption, not only to meet existing legislation such as SOX but also to be positioned for future legislation and regulations.

Achieving Efficient Governance Risk and Compliance through Process and Automation
This white paper presents a low risk, high impact approach to gaining control of regulatory compliance. The procedures, tasks, and behaviors that bear upon compliance can be overwhelming. Yet organizations that can master these activities, operate more efficiently, compete more effectively, and build their brands. Learn how Governance, Risk, and Compliance technologies can help by downloading this white paper now.

Regulatory Compliance Headlines

Novell Case Study: Enloe Medical Center
Enloe Medical Center is a 391-bed hospital serving more than 400,000 residents in a six-county region in Northern California. Physicians and clinicians at Enloe Medical Center were frustrated by having to remember multiple passwords to access patient care applications. The center implemented Novell SecureLogin to provide single sign-on access, reducing passwords by 85 percent and login times by 60 percent. The medical center also improved its ability to comply with increasingly stringent HIPAA requirements.

Protecting Patient Health Information in the HITECH Era: Security Challenges for Adopting Health Information Technology to Comply With HIPAA and the HITECH Act
The American Healthcare system is getting a complete facelift thanks to incentives to adopt Health Information Technology introduced by the Health Information Technology for Economic and Clinical Health (HITECH) Act. Signed into law by President Barack Obama in February 2009, the HITECH Act is part of the American Recovery and Reinvestment Act. It is also part of the broader healthcare reform initiative championed by President Obama. That agenda includes a push for the adoption of interoperable data capture, storage and transmission protocols in healthcare systems. New health information technology is considered to be a vital step in the drive to reduce costs, gain efficiencies, and ultimately to improve patient care.

Supporting Compliance: A Network Approach
With the significant increase in compliance related mandates put upon IT organizations today, Enterasys has written this white paper to explain the approach to supporting compliance through advanced policy-driven networking. Regulatory compliance and governance mandates are new and daunting issues for any IT organization. These requirements for compliance can come from outside the organization in the form of government legislation, such as HIPAA or Sarbanes-Oxley. They can also come from the inside of the organization in the form of organizational governance edicts from executive management. In either case, the network infrastructure must play a role in supporting the often abstract requirements of compliance, while at the same time ensuring that the business objectives of the organization are still being met.

What Every CIO Needs to Know About HIPAA Compliance
Compliance with HIPAA is mandatory and violators face up to $250,000 in fines and jail time of up to 10 years. HIPAA regulations are intended to protect such data as a patient's medical records and personal healthcare information. HIPAA affects organizations that transmit protected health information in electronic form (e.g. health plans, healthcare clearinghouses and healthcare providers). The law maintains that healthcare organizations implement a wide variety of safeguards and security best practices in order to adequately protect customer data. Full compliance requires that these entities understand the threats and liabilities and take proactive measures to maintain reasonable and appropriate safeguards in three areas: administrative, physical and technical.

The HIPAA Effect: Considerations for Fundraising After the Health Insurance Portability and Accountability Act
Eight years after Congress passed the Health Insurance Portability and Accountability Act (HIPAA), professionals working in healthcare philanthropy have discovered that HIPAA was not the end of fundraising as one knew it. Initially, when HIPAA was enacted in 2000, there was great fear and uncertainty among healthcare providers and development officers. Reactions across the nation and among healthcare organizations varied widely: some predicted the end of healthcare fundraising, whereas other more rational people viewed it as a manageable challenge.

In the Labyrinth of Regulatory Compliance or How Not to Be Afraid of HIPAA
This whitepaper focuses on email security and retention considerations for the healthcare industry, focusing on the Health Insurance Portability and Accountability Act (HIPAA). It provides detailed information about the HIPAA rules as they relate to email transmission, as well as recommendations on how a healthcare organization can ensure that its messaging infrastructure is compliant with HIPAA.

LogRhythm and HIPAA Compliance
The Department of Health and Human Services (HHS) enacted the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to ensure that personal information stored, accessed, or processed adheres to a set of guidelines or "Security Rules". These rules outline security measures that should be implemented to adequately secure all Electronic Protected Health Information (EPHI). The Secretary of Health and Human Services enforces this law. Non-compliance can lead to civil monetary penalties and public distrust.

HIPAA Privacy & Security Laws: Corporate Privacy, Information Security, and Employee Development
The HIPAA law allows workforce members to use patient information for treatment, payment or healthcare operations as defined by HIPAA and required by job responsibilities. The CHS Acceptable Use Policy IS.PHI 600.01 and Release/Review of PHI Policy PR.PHI 140.05, along with 22 other CHS policies, present specific guidance for protecting all forms of patient information: electronic, written, and oral.

Privacy and Security of NPI
This paper provides an outline of the privacy issues raised by clinicians in sharing NPI information. While the National Provider Identifier is a HIPAA regulation, the privacy and security issues discussed in this white paper are not just dealing with HIPAA privacy and security. Concerns clinicians have raised about release of information are established as a pretext dealing with identity theft.

Meeting HIPAA Compliance With EventTracker
There are a number of steps a healthcare provider must undertake to meet the Technical Safeguards mandated in the Security Rules of Title II (Administrative Simplification) of the Health Insurance Portability and Accountability Act (HIPAA). HIPAA calls for tightly controlling and monitoring access to confidential patient information, and specifically calls out event logs as an important vehicle to meet compliance. This Paper describes how EventTracker from Prism Microsystems, Inc. can be used as the key component for managing the collection, storage and analysis of enterprise event log data. With EventTracker a healthcare provider or related business can be confident they have the solution in place to help effectively meet audit requirements.

Keys to Aligning Security and Compliance - How to Connect the Dots
The pressure is on as organizations today face mounting demands to maintain an enterprise-wide security posture while adhering to the growing number of compliance regulations. Without the right processes and tools to effectively navigate the security and compliance maze, IT professionals often resort to manually poring through spreadsheets and pulling together all of the necessary data and proof points to pass their audit and check the compliance box. But it doesn't have to be this painful with today's innovations in compliance and IT risk management. By aligning and connecting the dots across security and compliance, organizations can create business value as policies and procedures are formalized and the security of data and other assets preserved. In this webcast, Nigel Stanley, analyst with Bloor Research, and Alan Bentley, VP of Lumension, examine: the types of risks introduced by poor compliance and security failures; the impact to an organization's brand and reputation, as well as the costs to the bottom line; and practical steps organizations should take to align security and compliance initiatives.

Harmonizing Controls to Reduce Your Cost of Compliance
Mounting regulations across the globe have increased the cost and burden on organizations. The high cost is especially felt by organizations which must adhere to multiple requirements - 75 percent of organizations must comply with two or more regulations and corresponding audits and more than 40 percent must comply with three or more regulations. Audit preparation typically occurs in functional silos, with different project teams focused on addressing an individual compliance initiative, resulting in significant operational inefficiencies and higher costs to demonstrate compliance. This webinar examines the Unified Compliance Framework and how it can be leveraged to harmonize controls across multiple regulations such as PCI, SOX, HIPAA, NERC and many others. Learn how to eliminate overlapping control requirements and ensure a more efficient and less costly approach to compliance.


SEC Rule 17A-4

Compliance: SEC 17a-4/NASD 3010/3110
In the wake of the 1928 stock market crash and the uncovering of widespread securities fraud, the U.S. Congress enacted the Securities Exchange Act of 1934. The Act seeks to protect investors from fraudulent or misleading claims in the securities industry and requires extensive record keeping, reviewing, and auditing by independent auditors, and administration of financial transaction records. NASD 3010/3110 are part of comprehensive regulations enacted and enforced by the National Association of Securities Dealers on behalf of more than 5,000 registered financial institutions and investment funds. All aspects of the SEC and NASD regulations are effective today.

The Case for Document Management
Are you asking how to avoid court-imposed sanctions? Are you wondering how to keep the escalating costs of electronic and paper discovery to a minimum? Whether the objective is to handle litigation, deliver new contracts, or complete projects, companies today need solutions that promote teamwork. However, common bottlenecks inhibit many organizations from achieving their peak performance: risk imposed by compliance regulations and corporate guidelines; quality problems and delivery delays caused by inefficient processes; lack of coordination between external partners, vendors, parties and clients; and difficulties in capturing, finding, and leveraging organizational knowledge. The ViewWise Document Management Solution can help your organization address compliance and eDiscovery efforts. Computhink's ViewWise was created to assist organizations by helping eliminate the content burden that surrounds most offices today. ViewWise does this by helping organizations with access, archiving, storage, security, workflow and tracking of electronic content, while providing simple options for scanning, integrating, importing, and classifying.

Getting ahead of security issues, compliance regulations and IT processes
It can be difficult to ensure the confidentiality and integrity of your critical data with customers demanding 24/7 secure access to their data and regulators applying pressure on your business. In this Risk, Compliance and Security e-Kit for Financial Institutions, you'll learn about IBM security solutions that proactively protect against worms, viruses and other threats. It includes a Tower Group white paper on the need for stronger consumer banking authentication, a study about innovative solutions for identifying, measuring, and optimizing operational risks, and an ISS case study about staying on top of new vulnerabilities, plus six other reports on preventive security solutions.

CIO Strategies for the Retention and Deletion of Email
With new regulations and the recent changes to the Federal Rules of Civil Procedure, legal departments are turning to IT leadership to manage retention, deletion, search and recovery of email and other Electronically Stored Information (ESI). CIOs must track billions of email messages, database records and desktop files, know where they are, ensure they are secure, delete them on schedule, and be able to produce them as required. How does an organization ensure a successful retention strategy? This whitepaper provides CIOs with useful information about litigation issues surrounding email and ESI as well as information on how to define and implement a retention and deletion strategy. Also included is an overview of MessageOne's on-demand EMS Email Archive service, the first SaaS archiving solution capable of painlessly solving email retention, deletion, search and e-Discovery challenges.

What Can 2007 Teach Us About 2008?
2007 was a tumultuous year for U.S. businesses and employees, filled with extreme highs and disappointing lows. Private equity garnered nearly $400 billion in mega deals in merely six months, and news of multiple billion-dollar acquisitions (Chrysler, Alltel and CKX) illustrated a trend of public companies going private. However, financial markets soon shifted and companies felt the backlash. Lenders scrutinized borrowers with tougher standards, limiting access to capital. After several months of market volatility, market direction remains unclear. We face a Catch-22: business leaders are conservative in making projections as they look for a cue from the markets, and the markets look for a cue from business leaders regarding new initiatives. Each month, Tatum, LLC surveys its financial and technology executives regarding current business conditions and economic trends. With nearly 1,000 executives serving companies of all sizes across a broad base of industries in every geographic region of the United States, the Tatum Survey of Business Conditions takes a representative pulse of business activity. This document contains results and analysis from Tatum's Survey of Business Conditions from May through December 2007. Survey topics include private equity, M&A, regulatory compliance and reporting, and financial executive pressures.

Trust and Competitive Advantage: An Integrated Approach to Governance, Risk Management and Compliance
Burned by Enronesque accounting scandals, investors and governments are imposing rigorous reporting requirements to keep companies on the straight and narrow. These reactions are a symptom of a fundamental force in the economy: a crisis of trust among stakeholders of corporations. Stakeholders are not only a company's shareholders, but also customers, employees, business partners and communities, and in recent years their trust has been profoundly shaken. Naturally, they are now trying to protect themselves, often via legislation.

Data Quality, Compliance, and Risk for Financial Institutions
Poor data quality is endemic in most financial institutions, with risk managers frequently citing a lack of clean, high-quality data as the biggest inhibitor to achieving their risk management and regulatory compliance objectives. To combat the problem, Informatica offers data quality scorecarding capabilities -- a metrics-driven approach to measuring, tracking, and reporting on data quality defects. Read this informative white paper to learn more about it.

An Integrated Approach to Managing Governance, Risk, and Compliance
Given today's highly regulated environment, how can you control risk, drive performance, and inspire greater stakeholder confidence? To address these requirements, forward-thinking organizations are moving toward an integrated program of governance, risk, and compliance (GRC) management. Download this SAP white paper to learn about a GRC approach that can help you confidently address all regulatory- and business-related risks while lowering your overall cost of compliance.

Realtime Publishers: Understanding how privacy and government regulations affect email compliance
Email compliance is just one instance of the regulatory impact on IT operations. There are a number of privacy and corporate governance regulations that apply to email services, and the list of such laws is likely to grow. Fortunately, many regulatory requirements coincide with business requirements for security, business continuity, and operations management. Sound email management driven by business needs can go a long way toward compliance as well. This article examines some of the more well-known regulations that have an impact on email management practices, then explores the most effective way to comply with these regulations.

Policy and IT Controls Compliance Challenges and Solutions
Achieving compliance requires a set of methodologies and disciplines that give executives a better picture of the security of their enterprise and help them improve it. Written by Richard LeVine of Accenture, this white paper describes the benefits of compliance, the depth of work required to achieve it, and some powerful tools that increase the effectiveness of compliance efforts.

Online Publisher Meets Goal of Providing Compliance Week Users with the Most Effective Search Application
Financial Media Holdings Group (FMHG) is the parent company of Compliance Week, the industry's definitive newsletter on corporate governance issues. In mid-2005, the company sought a commercial search application that would enable its users to find what they need when they need it. Among its top requirements, FMHG sought a solution with a sophisticated, flexible architecture; the ability to support custom conversion and preprocessing applications; and a customizable user interface. Download this case study to learn why FMHG's quest ultimately led them to Coveo Enterprise Search, and why the company is so pleased with its selection.

Webcast: Optimizing the Role of Compliance in IT Governance Efforts
In addition to addressing the growing number of internal and external regulations, compliance can play a key role in identifying risks and demonstrating the efficiency and effectiveness of IT. View this on-demand IBM Webcast to see examples of common control objective areas that are not only important for regulatory reporting, but for the optimization of IT governance efforts. Learn how Tivoli solutions can turn managing compliance requirements from a reactive burden to a strategic advantage.

Streamline to Success: The Real Mid-Market Experience: Banking
Community financial institutions, including retail and commercial banks, savings & loans, and credit unions, along with larger institutions and other commercial enterprises, continue to face increasing information security threats. Compounding these threats is an ever increasing regulatory burden and focus from initiatives like Sarbanes-Oxley, Gramm-Leach-Bliley, U.S. Patriot Act, PCI, etc. However, IBM is helping community financial institutions proactively defend against and respond to these various threats.

Access Archived Data in the Blink of an Eye
Are you faced with overloaded primary storage, long backup times, data retention mandates, and/or costly, time-consuming retrieval of archived data? This web presentation discusses the emerging need for active archiving and presents a unique network attached archival solution for addressing new archival requirements. Topics covered include: how archival storage requirements are changing; differences among current alternatives for archiving; the business case for a dedicated archival tier to keep fixed content; benefits of an archival storage tier, e.g. freeing up primary storage; and how an all-in-one appliance can provide permanence, accessibility, portability, and protection for archival data.

Protected, Portable, Price/Performance for Permanent Online Archive
"One of the major reasons that companies are implementing disk-based archives is to lower their storage costs but still keep archive data online and easily accessible. However, moving data from disk to disk does not necessarily create a leap in lowering capital costs. PowerFile offers an interesting alternative approach to digital archiving worth evaluating....The PowerFile PSA actually provides customers with four tiers, including high performance NAS-based disk storage (Tier One), in-library DVD for lower cost online storage (Tier Two), onsite vaulted DVD (Tier Three) and offsite vaulted DVD for long term archival (Tier Four). The combination provides a compelling blend of price/performance, permanence, protection and portability." Read more....


HIPAA

Novell Case Study: Enloe Medical Center
Enloe Medical Center is a 391-bed hospital serving more than 400,000 residents in a six-county region in Northern California. Physicians and clinicians at Enloe Medical Center were frustrated by having to remember multiple passwords to access patient care applications. The center implemented Novell SecureLogin to provide single sign-on access, reducing passwords by 85 percent and login times by 60 percent. The medical center also improved its ability to comply with increasingly stringent HIPAA requirements.

Protecting Patient Health Information in the HITECH Era: Security Challenges for Adopting Health Information Technology to Comply With HIPAA and the HITECH Act
The American Healthcare system is getting a complete facelift thanks to incentives to adopt Health Information Technology introduced by the Health Information Technology for Economic and Clinical Health (HITECH) Act. Signed into law by President Barack Obama in February 2009, the HITECH Act is part of the American Recovery and Reinvestment Act. It is also part of the broader healthcare reform initiative championed by President Obama. That agenda includes a push for the adoption of interoperable data capture, storage and transmission protocols in healthcare systems. New health information technology is considered to be a vital step in the drive to reduce costs, gain efficiencies, and ultimately to improve patient care.

Supporting Compliance: A Network Approach
With the significant increase in compliance related mandates put upon IT organizations today, Enterasys has written this white paper to explain the approach to supporting compliance through advanced policy-driven networking. Regulatory compliance and governance mandates are new and daunting issues for any IT organization. These requirements for compliance can come from outside the organization in the form of government legislation, such as HIPAA or Sarbanes-Oxley. They can also come from the inside of the organization in the form of organizational governance edicts from executive management. In either case, the network infrastructure must play a role in supporting the often abstract requirements of compliance, while at the same time ensuring that the business objectives of the organization are still being met.

What Every CIO Needs to Know About HIPAA Compliance
Compliance with HIPAA is mandatory and violators face up to $250,000 in fines and jail time of up to 10 years. HIPAA regulations are intended to protect such data as a patient's medical records and personal healthcare information. HIPAA affects organizations that transmit protected health information in electronic form (e.g. health plans, healthcare clearinghouses and healthcare providers). The law maintains that healthcare organizations implement a wide variety of safeguards and security best practices in order to adequately protect customer data. Full compliance requires that these entities understand the threats and liabilities and take proactive measures to maintain reasonable and appropriate safeguards in three areas: administrative, physical and technical.

The HIPAA Effect: Considerations for Fundraising After the Health Insurance Portability and Accountability Act
Eight years after Congress passed the Health Insurance Portability and Accountability Act (HIPAA), professionals working in healthcare philanthropy have discovered that HIPAA was not the end of fundraising as they knew it. Initially, when HIPAA was enacted in 2000, there was great fear and uncertainty among healthcare providers and development officers. Reactions across the nation and among healthcare organizations varied widely: some predicted the end of healthcare fundraising, whereas other more rational people viewed it as a manageable challenge.

In the Labyrinth of Regulatory Compliance or How Not to Be Afraid of HIPAA
This whitepaper focuses on email security and retention considerations for the healthcare industry, focusing on the Health Insurance Portability and Accountability Act (HIPAA). It provides detailed information about the HIPAA rules as they relate to email transmission, as well as recommendations on how a healthcare organization can ensure that its messaging infrastructure is compliant with HIPAA.

LogRhythm and HIPAA Compliance
The Department of Health and Human Services (HHS) enacted the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to ensure that personal information stored, accessed, or processed adheres to a set of guidelines or "Security Rules". These rules outline security measures that should be implemented to adequately secure all Electronic Protected Health Information (EPHI). The Secretary of Health and Human Services enforces this law. Non-compliance can lead to civil monetary penalties and public distrust.

HIPAA Privacy & Security Laws: Corporate Privacy, Information Security, and Employee Development
The HIPAA law allows workforce members to use patient information for treatment, payment or healthcare operations as defined by HIPAA and required by their job responsibilities. The CHS Acceptable Use Policy IS.PHI 600.01 and Release/Review of PHI Policy PR.PHI 140.05, along with 22 other CHS policies, present specific guidance for protecting all forms of patient information: electronic, written, and oral.

Privacy and Security of NPI
This paper provides an outline of the privacy issues raised by clinicians in sharing NPI information. While the National Provider Identifier is a HIPAA regulation, the privacy and security issues discussed in this white paper go beyond HIPAA privacy and security. The concerns clinicians have raised about release of this information are presented in the context of identity theft.

Meeting HIPAA Compliance With EventTracker
There are a number of steps a healthcare provider must undertake to meet the Technical Safeguards mandated in the Security Rule of Title II (Administrative Simplification) of the Health Insurance Portability and Accountability Act (HIPAA). HIPAA calls for tightly controlling and monitoring access to confidential patient information, and specifically calls out event logs as an important vehicle for meeting compliance. This paper describes how EventTracker from Prism Microsystems, Inc. can be used as the key component for managing the collection, storage and analysis of enterprise event log data. With EventTracker, a healthcare provider or related business can be confident it has a solution in place to help effectively meet audit requirements.

Erie County's Human Services Department Turns to ZixCorp
Erie County of Pennsylvania's Human Services Department needed email encryption to send Protected Health Information (PHI) and other sensitive data pertaining to its constituents. Erie County deployed ZixCorp's Email Encryption Service, which was easy to install and maintain and provided a HIPAA lexicon plus the ability to create its own policies.

Protecting Patients' Personal Data
For more than 60 years, Robert Wood Johnson University Hospital Hamilton (RWJ Hamilton) has provided top-notch health care to communities within a five-county area of New Jersey. It needed email encryption to send Protected Health Information (PHI) and other sensitive data pertaining to its patients. RWJ Hamilton deployed ZixCorp's Email Encryption Service, which provided a HIPAA lexicon plus the ability to create its own policies.

Reducing the Cost of Defensive Medicine Using the Internet
Defensive medicine consists of providing medical services that are not expected to benefit the patient, but minimize the risk of subsequent lawsuits. In that context, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) rightly makes a virtue of privacy, but it can also bring about a financial burden - a burden that can best be met through a judicious use of the Internet and the latest developments in secure online communications.

HIPAA Security Provisions: Is Your Network Ready for a Physical?
The security-focused Health Insurance Portability and Accountability Act (HIPAA) federal regulation became effective April 2005, requiring many companies to review the health of their systems that create, receive, transmit or maintain health information. If your company is subject to HIPAA, is it prepared to meet the requirements of the Security Rule? This paper details: the who, what, and why of HIPAA; security requirements under the HIPAA statute, Privacy Rule, and Security Rule; deadlines, penalties, and sanctions for noncompliance; HIPAA Security Rule standards; and how to maintain network health through independent configuration auditing.

HIPAA Compliance and Varonis
This paper provides an overview of the Health Insurance Portability and Accountability Act (HIPAA), its scope and purpose as well as a description of the way in which Varonis Systems enables entities to follow guidelines for regulation compliance. Varonis personnel and value added partners may distribute this paper as an informational overview.

© 2010 CyberScrub LLC. All rights reserved. CyberScrub and the CyberScrub logo are registered trademarks of CyberScrub LLC.
All other trademarks are property of their respective owners.