Compliance

An Audit Versus an Assessment

March 10, 2015 Added by: PCI Guru

A lot of people are always calling their PCI assessment an audit. However, certified public accountants (CPA) would tell them that there is a vast difference between the two.

Is Compliance Bad for Security?

March 04, 2015 Added by: Tripwire Inc

Companies like mine, and consultants like me, have long been instructed and expected to pass on the mantra that the solution to security is compliance with standards and that being in compliance means you are secure. Having worked in the industry for more than a decade, I know that this is demonstrably not true.

PCI DSS 3.0 Updates and Ramifications for Network and Application Security

March 02, 2015 Added by: Barracuda Networks

The PCI DSS 3.0 is here. Since Jan 1, 2015, organizations under its purview are required to comply with the updated standard. Many of the changes stem from the recent high-profile breaches at organizations that were compliant at the time.

What is a Level 3 Merchant?

March 02, 2015 Added by: PCI Guru

This consistently keeps coming up as an issue because of the confusing definitions on the Visa, MasterCard and Discover Web sites.

Owning your own data – Data residency laws

February 26, 2015 Added by: Willy Leichter

A question I get asked a lot is, “If there is a data center in my region, do I still need to protect my own data if I’m concerned about, say, data residency laws?”

FFIEC Adds Cyber-Resilience to Business Continuity Guidelines

February 25, 2015 Added by: Anthony M. Freed

The Federal Financial Institutions Examination Council (FFIEC) has issued revised Business Continuity Planning (BCP) guidelines for the financial services sector.

Incidental Contact

February 23, 2015 Added by: PCI Guru

I have had a number of questions recently regarding how to deal with the occasional customer that sends cardholder data (CHD) or sensitive authentication data (SAD) to the merchant via email or instant messaging in blatant disregard to security.

Why Harmonizing Cloud Security Standards will Accelerate Cloud Adoption

February 20, 2015 Added by: Evelyn De Souza

As the public cloud becomes mission-critical for business and government applications, many standards bodies and government entities worldwide are issuing stronger security guidance and new standards.

Council Surveys QSAS on SSL

February 19, 2015 Added by: PCI Guru

The dilemma we have is that while SSL is dead, it is baked into so many products and appliances.

New PCI Compliance Study

February 16, 2015 Added by: PCI Guru

Dr. Branden Williams and the Merchants Acquirer Committee (MAC) have issued a new report on PCI compliance and the impact of breaches on merchants and MAC members.

PCI Security Standards Council Statement on White House Cybersecurity Summit

February 13, 2015 Added by: InfosecIsland News

The PCI Security Standards Council applauds the progress made by The White House Cybersecurity Summit at Stanford University.

Anthem Breach: How Hackers Stole Credentials and Why Two-Factor Authentication May Help Prevent Future Phishing Scams

February 09, 2015 Added by: Thu Pham

If the Anthem attack was carried out as the result of using a single password, their access security wasn’t up to industry standards. Two-factor authentication may have thwarted attacks by requiring the use of a personal device to verify the identity of a system administrator or other technical employee with access to their database of millions of sensitive records.

ACTUAL Domestic and International ICS Cyber Incidents From Common Causes

February 09, 2015 Added by: Joe Weiss

There is still minimal identification of, much less, “connecting the dots” on ICS cyber incidents.

Merchant, Service Provider or Both?

February 02, 2015 Added by: PCI Guru

Apparently there are a lot of newcomers to the PCI compliance business who are asking bizarre questions regarding PCI. One of the most common is whether their organization is a merchant, a service provider, or both.

Thought Experiment: Mandatory Online Banking Security Standards

January 28, 2015 Added by: Tripwire Inc

Banks are required by law to follow government regulations; these subject the banks to specific requirements, restrictions and guidelines. The end goal is, among other things, transparency.

End of Life

January 27, 2015 Added by: PCI Guru

This topic has started to come up again as we go through PA-DSS research on applications and find that the listings contain operating systems that are at or past end of life (EOL).
