Blog Posts Tagged with "Third Party"

Fc152e73692bc3c934d248f639d9e963

Third Party Service Providers and PCI Compliance

September 25, 2012 Added by:PCI Guru

If a third party is providing your organization a service that has access to your cardholder data environment (CDE) or the third party could come into contact you’re your cardholder data (CHD), then that third party must ensure that the service complies with all relevant PCI requirements...

Comments  (3)

0a8cae998f9c51e3b3c0ccbaddf521aa

Buggy out the Door: Externally Discovered Defects (EDD)

August 15, 2012 Added by:Rafal Los

What if 25% of your bugs actually ARE discovered by your customers? There is a collision of a few things here that makes this matter a lot less simple than we'd like, and a lot less convenient if you think you have a solution to the problem, but in the end it is a problem...

Comments  (0)

Bd07d58f0d31d48d3764821d109bf165

The Weakest Link in the Security Chain: Is it in Your Controls?

August 11, 2012 Added by:Tripwire Inc

Rather than brute-forcing the account, the hackers gained access by doing some creative social engineering by contacting Apple customer support. The problem is that we often turn over our data to 3rd-party providers without understanding what protocols they have in place to keep our data safe...

Comments  (0)

03b2ceb73723f8b53cd533e4fba898ee

LulzSec Reborn vs Twitter and OAuth Security Issues

June 13, 2012 Added by:Pierluigi Paganini

The third-party authentication process implements the open standard for authorization, or OAuth, that allows users to share private resources stored on one site with another. The hack raises a serious question regarding the security level ensured by third-party authentication processes...

Comments  (0)

9f19bdb2d175ba86949c352b0cb85572

Close Encounters of the Third (Party) Kind...

June 06, 2012 Added by:Neira Jones

There are numerous third parties and cloud providers around. A few have already achieved a dominant position, but a recent article highlighted that "others have opportunities to get into the act by offering more security and protection". So there you are, security can be a unique selling proposition...

Comments  (0)

44fa7dab2a22dc03b6a1de4a35b7834a

Contracts and Information Security Part 1: Outsourcing

June 04, 2012 Added by:Bill Gerneglia

Beyond managing regulations and liability, companies outsource their IT functions to third parties create infosec privacy and legal difficulties, including loss of control and challenges with enforcement. Risk and compliance obligations do not disappear when using a third-party service provider...

Comments  (0)

Af9c34417f8e5e0d240850bb353b5d40

I Hope Edo is Worth the Privacy Risk

May 16, 2012 Added by:Keith Mendoza

About a week ago, I read about this new daily deal service called edo that ties to your bank account, and the first thing that came to my mind is “uh oh, another attack vector into my bank info”. Here are a list of features that are those potential attack vectors...

Comments  (2)

54a9b7b662bfb0f0445d1661d7ed180b

Where Will the Buck Stop in Cloud Security?

May 15, 2012 Added by:Jayson Wylie

I don’t want to see the main outcome of security and data breaches become lengthy litigation. If cloud security boils down to he who has the best law team, the direction of security will have an approach of least exposure to litigation versus Cyber threats. This does not settle with me as a valid security driver for improving security posture...

Comments  (0)

21d6c9b1539821f5afbd3d8ce5d96380

FedRAMP Releases Updated Security Assessment Templates

May 11, 2012 Added by:Kevin L. Jackson

FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and monitoring for Cloud Service Providers. This document has been designed for Third-Party Independent Assessors to use for planning security testing of CSPs...

Comments  (0)

16443e0c6f6e4a400fd0164b3c406170

Four Steps to Follow when Your Credit Card is Compromised

April 23, 2012 Added by:Christopher Burgess

Certification of compliance demonstrates that at that given point of time the entity was in adherence to the PCI standards. The threat landscape is dynamic and ever changing requiring those entrusted with our data to take steps beyond compliance to protect that data...

Comments  (0)

Ebe141392ea3ebf96ba918c780ea1ebe

The Security Poverty Line and Junk Food

April 16, 2012 Added by:Wendy Nather

Organizations below the security poverty line tend to be inordinately dependent on third parties and have less direct control over the security of the systems they use. They end up ceding risk decisions to third parties that they ideally should be making themselves...

Comments  (2)

7ddc1f3000a13e4dfec28074e9e7b658

Megaupload Goes to Court: A Primer

April 11, 2012 Added by:Electronic Frontier Foundation

Does the government have a responsibility to protect innocent third parties from collateral damage when it seizes their property in the course of prosecuting alleged copyright infringement? That is the question a federal district court will consider...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

Financial Institutions – Your Time is Coming

April 04, 2012 Added by:PCI Guru

Most financial institutions purchase their software applications from third party development firms. With all of the regulatory changes going on in the financial institution industry, these software firms have been focused on those regulatory changes and not PCI compliance...

Comments  (0)

A7290c5bd7bc2aaa7ea2b6c957ef639b

FTC to Link Do-Not-Track and Big Data Concerns

April 02, 2012 Added by:David Navetta

The FTC sees a greater threat to consumers in third-party data collection because of lack of notice, choice and transparency in the practices of data collectors. But the challenge is understanding where to draw the line between “first party” and “third party” practices...

Comments  (1)

1de705dde1cf97450678321cd77853d9

The Role of Penetration Testing in the Infosec Strategy

March 26, 2012 Added by:Ian Tibble

For all intents and purposes, penetration testing had become such a low quality affair that clients stopped paying for it unless they were driven by regulations to perform periodic tests of their perimeter "by an independent third party"...

Comments  (2)

68b48711426f3b082ab24e5746a66b36

Application Security: Why is Everybody Always Picking on Me?

March 19, 2012 Added by:Fergal Glynn

The recent explosion in Mobile application development paints a clear picture of the modern development landscape. Not only in terms of the incredible speed of production, but perhaps more importantly, the widening gap between speed-to-market and software security quality...

Comments  (0)

Page « < 1 - 2 - 3 > »