This whitepaper will examine PCI DSS and explain how Lumension® Compliance and IT Risk Management can help organizations reduce the cost of addressing compliance by streamlining and automating the IT audit process, unifying control and compliance frameworks, automating assessment and remediation processes, and enabling continuous monitoring of their compliance and IT risk management posture.
A FISMA compliance approach that relies on a manual and labor-intensive process can produce mountains of paper and electronic documents that no one can organize and make sense of. Such a compliance strategy results in overwhelming confusion where the assumption is that everything is in place because personnel are too busy to make sense of it all: that is, until things break down and all the fingers are pointed at the agency. This whitepaper highlights the six critical elements agencies should keep in mind in order to reduce the burden of FISMA compliance, while achieving greater control and security.
Healthcare organizations face a host of HIPAA Security Rule compliance challenges with the move to put patient medical records online.
By March 1, 2010, all organizations with operations and/or customers in the state of Massachusetts will be required to follow comprehensive information security requirements regarding both paper and electronic records containing personal information. These requirements include enforcing password security, encrypting all personal information stored on laptops and removable devices and ensuring up-to-date firewall protection, operating system patches and the latest versions of security agent software. Read this whitepaper to learn how your organization can meet the necessary requirements and improve its security practices.
- An Osterman Research white paper, sponsored by MX Logic
Security costs are large and growing, with technical countermeasures dominated by on-premise licensed solutions. Companies wrestling with providing stronger security and meeting compliance requirements are seeking more efficient ways to provide security.
Although data privacy and identity theft have a higher profile in the minds of consumers, data retention issues can have a far greater financial impact on businesses. Every company, whether public or private, large or small, must have a policy and enforcement system to deal with the messages and files generated by the organization every day.
Published: March 2009 - Access management (AM) and segregation of duties (SoD) controls have become increasingly important to executives and corporate managers responsible for preventing fraud, ensuring the security of enterprise information systems, and complying with the Sarbanes-Oxley Act and other regulations.
The collaborative benefits of Web 2.0 technologies have fueled rapid growth in online consumer markets and now are being adopted by businesses worldwide. With these technologies come new types of attack vectors.
As email has become more critical in the business world, many companies are weighing the question of how long it should be retained, what should be done with it, and when it should be deleted. The answer depends on many issues, particularly when one considers the varying regulations and business situations that might demand emails to be archived for long periods of time.
Today, almost anything across an enterprise's systems can be made digitally aware and interconnected. And given the business challenges of a smaller, flatter and more complex world, rethinking what information we store and how our information infrastructures work is a must.
The growing volume of user email messages is escalating storage requirements and increasing the pressure on traditional email archiving solutions. Maintaining email archives to meet security, compliance or business policies is a struggle, with traditional in-house solutions facing a never-ending cycle of decreasing performance and increasing investments in costly technology.
The general compliance deadline for 201 CMR 17 was initially set for January 1, 2009, but it has been pushed to January 1, 2010 in response to concerns from a variety of businesses large and small, industry organizations and other affected organizations.