PCI DSS


The Dilemma of PCI Scoping - Part 1

July 28, 2014 Added by: PCI Guru

Based on the email comments of late, there are apparently a lot of you out there that really do not like the Open PCI Scoping Toolkit.


The Unisys Ponemon study – Is It Actually Relevant to ICSs

July 22, 2014 Added by: Joe Weiss

It is important to understand the validity of the observations and conclusions as this report is being widely quoted.


Keeping it Simple - Part 1

July 21, 2014 Added by: PCI Guru

Apparently, I struck a nerve with small business people trying to comply with PCI. In an ideal world, most merchants would be filling out SAQ A, but we do not live in an ideal world. As a result, I have collected some ideas on how merchants can make their lives easier.


Compliance and Security Seals from a Different Perspective

July 16, 2014 Added by: Rafal Los

Compliance attestations. Quality seals like “Hacker Safe!” All of these things bother most security people I know because to us, these provide very little insight into the security of anything in a tangible way. Or do they?


Why Should We Close the Threat Detection Gap?

July 09, 2014 Added by: Tripwire Inc

By closing off the threat detection gap, we can decrease the value to the criminal of the effort to commit the crime, making it a less worthwhile undertaking in the first place.


Google Aurora vs ICS Aurora – An industry and DHS Debacle

July 08, 2014 Added by: Joe Weiss

This is actually two blogs in one. The first is about DHS releasing critical information they weren’t even asked for. The second is about the lack of progress on addressing a subject that DHS made public.


The Flaw in Requirement 8.5.1

July 03, 2014 Added by: PCI Guru

All of you service providers out there that have remote access to your customers managed by some enterprise credential management solution, please implement a strong two-factor authentication solution on your customer credential management solution before you too become a newspaper headline.


It’s the end of June 2014 and ICS Cyber Security is Still an Enigma to Many

July 02, 2014 Added by: Joe Weiss

The past two weeks continue to demonstrate the lack of understanding about the unique issues of ICS cyber security – why isn’t it just IT.


10 Big Data Analytics Privacy Problems

June 30, 2014 Added by: Rebecca Herold

The power of big data analytics is so great that in addition to all the positive business possibilities, there are just as many new privacy concerns being created. Here are ten of the most significant privacy risks.


Key Management in the Public Cloud

June 27, 2014 Added by: HyTrust

Key management is the most important component in any enterprise-grade encryption system. Yet what is the right key management model if you are looking to the cloud?


Keep it Simple

June 24, 2014 Added by: PCI Guru

Let us refocus our priorities and help the vast majority of the world get secure.


Medical Device Madness - Security Suffering

June 19, 2014 Added by: Mike Meikle

If the healthcare organization deploys an operating system patch or places their standard endpoint protection on the device, they run the risk of the vendor halting support during a device issue until the offending patch or software is removed.


On SIEM Tool and Operation Metrics

June 19, 2014 Added by: Anton Chuvakin

Measuring SIEM health and operations is still an emerging art, and there is no set of accepted SIEM metrics.


What is Continuous Compliance and Assurance?

June 18, 2014 Added by: Jon Long

The phrase "Continuous Compliance" is almost meaningless without an additional reference of "Assurance." I define continuous compliance and assurance as an ongoing process of proactive risk management that delivers predictable, transparent, and cost-effective results to meet information security goals.


Physical Security is Still a Problem

June 17, 2014 Added by: Joe Weiss

I did not think we would be able to film directly in front of large electric substations and other critical infrastructures. I was wrong.


Using “Compliant” Stuff Doesn’t Result in Full Compliance

June 16, 2014 Added by: Rebecca Herold

Organizations that access, in any way, some type of personal information will likely have data protection compliance requirements with which they must comply.
