Blog Posts Tagged with "Standards"
May 09, 2013 Added by:Anthony M. Freed
Often in the security field we hear the question asked, “Who’s watching the watchers?” It occurred to me recently that one might make a similar rhetorical quip about other aspects of our field – in particular, the question of “Who’s standardizing the standards?”
December 10, 2012 Added by:Hani Banayoti
Another year coming to a close and I am full of hope for new thinking on security for the road ahead. One particular aspect in our profession that I would like to see change in the very near future is the typical approach to incorporating security in contracts with IT Service Providers...
October 23, 2012 Added by:Stephen Marchewitz
Whether you start from top-down management or are looking for bottom-up results, having a quantifiable approach to security risk management that aligns with a known standard such as ISO will put you in a better position than you are today...
September 07, 2012 Added by:Ben Kepes
CIMI is arguably more complex than a simple standard – it reflects that people want to rubber stamp a standard, but also want to deliver proprietary functionality as a point of differentiation from the competition. CIMI is a positive initiative, but the proof is in the pudding...
August 25, 2012 Added by:Robert Siciliano
If you have plans to travel internationally this summer, you may have problems using your U.S. magnetic stripe card abroad, as many other countries, particularly in Europe, have made the EMV card the new standard. The Smartcard Alliance explains...
June 20, 2012 Added by:Bob Radvanovsky
Industries that are regulated or that have to adhere to a standard feel that if they simply follow the requirements that they are secured. This is a misnomer, as adherence to a regulation, governance or compliance standard is a good start, but it does not necessarily mean that an organization is "secure"...
June 13, 2012 Added by:PCI Guru
The biggest problem with PCI DSS standards comes down to the fact that humans are averse to being measured or assessed. Why? It makes people responsible and accountable for what they do, and few people want that sort of accountability – we all much prefer wiggle room in how our jobs are assessed...
June 08, 2012 Added by:Headlines
Under Secretary of Commerce for Standards and Technology and NIST Director Patrick Gallagher has selected William M. Holt, senior vice president and general manager of Intel Corporation's Technology and Manufacturing Group, to serve on the Visiting Committee on Advanced Technology (VCAT)...
May 29, 2012 Added by:Dejan Kosutic
A new business continuity standard (ISO 22301) was published very recently, so in this infographic you'll find a comparison of this new standard with the old BS 25999-2 standard plus ways you can learn more about ISO 22301...
May 14, 2012 Added by:Rafal Los
Blaming OWASP and developers for not adopting secure coding is silly. Uuntil the business cares about security, and developers have an incentive to write more secure code, tools and simple to use transparent technologies like that which OWASP provides won't get utilized...
May 11, 2012 Added by:PCI Guru
The PCI SSC only requires its assessors document the services they provide in their assessment reports. While that offers a certain amount of transparency, when you read some of these ROCs, it becomes painfully obvious that some QSACs are assessing their own security services...
May 09, 2012 Added by:Beau Woods
Auditors aren't the sole authoritative voice, and they can be fooled or coerced like anyone else. Too often internal and external auditors are trusted as the arbiters of right and wrong. This can fail an organization if executives don't understand the role auditors should play...
May 02, 2012 Added by:david barton
Credit card processors have valuable information that bad guys would love to get their hands on. So processors are the Fort Knox of the modern world. When bad guys are motivated, no amount of security can keep them out. Does that mean PCI-DSS standards are worthless?
May 01, 2012 Added by:Fergal Glynn
Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on application security. All of its articles, methodologies and technologies are made available free of charge to the public...
April 21, 2012 Added by:Rafal Los
Given a finite amount of time to write a piece of software with specified features and functionality the security of that code will always take a back seat. At least for the time being.Let's face it, code breaks in strange ways that it's not always easy to understand...
April 06, 2012 Added by:Jon Long
There is nothing that changes faster than technology, and if you are not ahead of it, you are ancient history. Within the category of technology, security is at the forefront of rapid change, and there is nothing more critical to ensure that we understand as auditors...
Mobile Security Processes Could Be Applied t... Johnnie Nix on 05-21-2013
ATM Security (And Really Learning from the P... Johnnie Nix on 05-21-2013
New Study Published on Mobile Malware... Caitlin Rachel on 05-21-2013