PCI DSS and Regulatory Compliance Blog

IT Blog Award - IT Law and Governance

July 7th, 2008 Posted in Uncategorized

I’m not on the shortlist, but still shamelessly and transitively pimping ComputerWeekly by asking you, the reader, to vote for the one you think is best (and tell them they missed the most important).  Regulatory Compliance should be a category in and of itself, since that is what drives the majority of IT and security capital these days.  If it was, I also believe that PCI Compliance would be at the top of that list, and this blog would be one of the top on that list.


So, here’s my list of PCI Compliance blogs that I read.

  • Society of Payment Security Professionals: this feed includes PCI Answers, Rob Newby’s blog, Walt Conway’s blog, Aegenis podcasts, and much more.
  • PCI Answers: this blog includes no-nonsense, clear answers to questions and issues surrounding PCI compliance.  I travel the world teaching classes and provide that experience right here.
  • Walt Conway: his is one of the few blogs that focuses entirely on PCI within a certain vertical - the higher education field.  I have presented at his conferences and know him to be highly focused on the impact of regulatory compliance.
  • Rob Newby: who focuses his blog on PCI and IT security.  He covers PCI and security throughout the UK and Europe.
  • Trey Ford: who covers PCI from an application security perspective.
  • Ed Bellis: one of the SPSP Advisory Board members and application security lead.  He writes on relevant topics to security and regulatory compliance.

Are there others that I’ve missed?

  1. 5 Responses to “IT Blog Award - IT Law and Governance”

  2. By Rob Newby on Jul 7, 2008

    Whilst you’re there, vote for me in the IT Security category too!

  3. By wconway on Jul 8, 2008

    It would be interesting for one of the security/IT pubs to do a similar “top 10” for the US market…or maybe I just missed it. Thanks for the vote anyway, Mike!

  4. By Michael Dahn on Jul 8, 2008

    Walt, I am a bit biased, but yours is one of the few blogs entirely devoted to PCI and the only one for Higher Education.

    You speak and they listen.

  5. By Jack on Jul 14, 2008

    I would also like you to inform about some more about IT Governance and Compliance
    IT governance, risk and compliance (IT GRC) is about striking an appropriate balance between business reward and risk. The maturity of IT GRC practices for managing reward and risk has a direct impact on the organization. IT GRC encompasses the practices for delivering: Greater business value from IT strategy, investment and alignment, Significantly reduced business and financial risk from the use of IT, and Conformance with policies of the organization and its external legal and regulatory compliance mandates. IT GRC energizes the entire organization to imagine what it can achieve, establishes methods for achieving their objectives, and demonstrates the practices that are proven to work for minimizing business and financial risk. Fundamentally, IT GRC is about striking an appropriate balance between business reward and risk, enabling an organization to more effectively anticipate and manage business risk while more effectively delivering value for the organization. IT governance, risk, compliance, IT GRC, White paper, compliance survey report, 2008 compliance report. You can also get more information from http://www.compliancehome.com/symantec/

  6. By Roy Davies on Sep 19, 2008

    Totally agree, given the importance of regulatory compliance, it is surprising that it is not counted as a category. I started http://itgrc.wordpress.com and it would be interesting to have your input.
