White papers

IT Security and Compliance White Papers

Read the latest white papers from industry experts New Net Technologies. We provide comprehensive information on IT security and compliance.

Our medical, health and personal information should remain private. While the principle of Doctor-Patient confidentiality has always been regarded as sacrosanct, the electronic age has inevitably led to greater ease of access to all information, including confidential patient details a.k.a. electronic protected health information.

Vulnerability management is a key security best-practice that serves to prevent the complete spectrum of cyber-attacks. But how do you strike the right balance between maintaining the security of an IT environment that never stands still, and maximizing system performance, uptime and service delivery?

A formalized Change Management process is vital in order to maximize the effectiveness of any change while minimizing potential problems resulting from a configuration change being made. All security and corporate governance policies such as the PCI DSS, SOX, NERC CIP, HIPAA, ISO27K and GCSx CoCo all demand a robust change management process for this reason.

The Health Information Technology for Economic & Clinical Health (HITECH) act really does ‘up the ante’ for HIPAA enforcement.

This whitepaper is a Guide for IT professionals – an ‘Everything you wanted to know about Compliance’. Anyone with experience of being audited in the past will learn how to remain compliant with your required standards, making the next round of Audits much more straightforward.

All security standards and Corporate Governance Compliance Policies such as PCI DSS, GCSx CoCo, SOX (Sarbanes Oxley), GLBA, NERC CIP, HIPAA, HITECH, ISO27000 and FISMA require IT systems to be secure in order that they protect confidential data.

The breach at Target has not just been big news within the Information Security community; it is worldwide headline news in all mainstream media outlets. This article looks at Brian Krebs’† excellent (as usual) investigation and analysis of the story so far from an NNT perspective.

Threats to theft of Intellectual Property, financial data, Cardholder Data, PII (Personally Identifiable Information) are more diverse and increasingly difficult to defend against. The traditional ‘internet vandalism’ from viruses is still an issue but the ‘threatscape’ in 2012 is far more diverse and dangerous than ever before.

Your enterprise is under attack right now and if a breach is successful, you could lose your Intellectual Property, your sensitive company planning and financial data, your market intelligence and with it, your overall competitive edge could be setback by years.

The PCI DSS security standard calls for a broad range of security measures, but beyond the use of firewalling, intrusion protection systems and anti-virus software, the understanding of the requirements and responsibilities of the merchant are very often poorly understood.

Any organization storing, processing or transmitting Primary Account Numbers (PAN) must comply with the Payment Card Industry Data Security Standard or PCI DSS.

Understanding the background, the objectives and the detailed requirements of the standard is still proving to be a challenge for thousands of organizations around the world. This whitepaper aims to give a basic backgrounder in traditional ‘101’ style.

The new and updated version of the PCI Data Security Standard is as much about refining and improving the protection afforded by the DSS as re-launching the standard and attempting to galvanize renewed focus onto PCI compliance.

Many organizations have still chosen to delay the implementation of their PCI program, being wary of the resource requirements necessary to manage PCI compliance.