Web Admin Blog

Real Web Admins. Real World Experience.

Entries Tagged ‘compliance’

Enterprise Risk Management for the Masses

A couple of years ago I decided, along with support from my management, that Enterprise Risk Management would become a focal point for my Information Security Program.  I was convinced that framing vulnerabilities in the form of risks was essential to giving management visibility into issues they currently didn’t know existed and to give our […]

Auditors Just Don’t Understand Security

Part of my new role as the Information Security Program Owner at NI is taking care of our regulatory compliance concerns which means I spend quite a bit of time dealing with auditors. Now auditors are nice people and I want to preface what I’ll say next by saying that I think auditors do perform […]

PCI Compliance – Convert Drudgery Into a Powerful Security Framework

For my last session of the day at TRISC 2009, I decided to attend Joseph Krull’s presentation on PCI Compliance.  Joe works as a consultant for Accenture and has performed 60+ PCI engagements for various companies.  If your organization does any processing of credit card information, my notes from that session below should be useful: […]