The Elements of Privacy Risk – GRC Illustration     pdf   pdf Download

Organizations that handle personal information face increasingly complex challenges to effectively manage privacy risk and compliance. The impact of these challenges covers the entire information life cycle.

Silver Diner Takes Next Step in Payment Security Using Merchant Link's Point-to-Point Encryption Solution.

Delta Hotels and Resorts Moves Beyond PCI Compliance with Merchant Link's TransactionVault®, TransactionShield® and E-commerce Security Solutions.

There's no way around it. No matter what size your business is or what industry you work in, if you accept credit cards, keeping up with the latest requirements is difficult at best. Credit card security has become an even greater challenge for merchants with the advent of the Payment Card Industry Data Security Standard put forth by The PCI Security Standards Council.

The physical Point-of-Interaction (POI) devices that accept and process credit card transactions can be one of the most vulnerable attack vectors for criminals intent on stealing cardholder data. The combination of advancing technologies like 3D printing or near field communication (NFC) with outdated policies and untrained staff allows fraudsters an opportunity for substitution of POIs and insertion of physical skimmers that can result in huge losses of cardholder data.

A leading supply chain data analytics solution provider needed to provide its large retail pharmacy clients with insights to enable product price optimization, store performance management, and targeted digital promotions to store customers.

As Internet-based businesses build and scale their operations, the need to protect their user's information and their own IT infrastructure becomes increasingly important. Information security is a big concern as recent high profile breaches at leading internet companies have demonstrated, and many Internet-based businesses see the value of using technology to build and sustain robust information security and IT risk management programs that protect them from emerging cyber threats.

Big Data is an exciting concept and emerging set of technologies that hold seemingly unlimited promise to enable organizations to gain new analytic insights and operational efficiencies. It is a unique architecture that enables low-cost, high-speed, parallel processing of huge data sets of structured and unstructured data.

The challenge of enterprise risk management programs for many organizations has always been how to quantify "value" and effectively harness data across the enterprise. Risk management consultants believe there is now a solution in emerging data mining and analytic modelling technology that effectively turns "data" into true risk intelligence.

Hadoop is a unique architecture designed to enable organizations to gain new analytic insights and operational efficiencies through the use of multiple standard, low-cost, high-speed, parallel processing nodes operating on very large sets of data. The resulting flexibility, performance and scalability are unprecedented. But data security was not the primary design goal.

Streamline and accelerate threat and vulnerability lifecycle management across all assets, including those in cloud and virtualized environments.

Generating data for test and development environments presents serious challenges for enterprise security and risk management. When data is copied from production databases and used directly for test/development, large volumes of private data accumulate on unprotected servers and workstations. The use of outsourced and offshore QA and development services further increases the risks. An alarming number of data breaches, along with complex regulatory compliance requirements, highlight the need to de-identify sensitive data when moving from production to test, development, and training environments.

GRC, by definition, involves bringing together governance, risk and compliance disciplines from across an increasingly complex, extended enterprise with deep interlocks to customer and supplier eco-systems. While it's not realistic to expect organizations to converge on a common set of GRC processes across this complex landscape, there is huge value in taking a federated approach to GRC that leverages the common risk elements from each business unit, IT and security teams, and management of third parties.