Compliance

End of Life

January 27, 2015 Added by: PCI Guru

This topic has started to come up again as we go through PA-DSS research on applications and find that the listings contain operating systems that are at or past end of life (EOL).

Comments  (6)

Three Compliance Trends to Watch in 2015

January 26, 2015 Added by: Mav Turner

Continuous compliance involves constantly reviewing processes and quickly making any necessary updates as a result of deviations from their intended performance. However, despite the fact that continuous compliance is effective at eliminating the gaps between compliance and security, it also greatly increases the complexity of managing compliance.

Comments  (4)

SAQ A and SAQ A-EP Clarification

January 08, 2015 Added by: PCI Guru

With the advent of SAQ A and A-EP, there seems to be confusion as to what meets what for each SAQ. I thought I covered this rather well in my post titled ‘Of Redirects And Reposts’. But apparently that was not clear enough.

Comments  (5)

Does Your Valuable Data Belong to Hackers?

January 05, 2015 Added by: Thu Pham

Every organization, regardless of size, is comprised of a variety of sensitive data - from HR and payroll handling medical, financial and personally identifiable employee data to your precious intellectual property. And each of these data types can be sold for a price on the black market, making them valuable to attackers financially as well as for blackmail purposes.

Comments  (6)

Moving from Alert-Driven to Intelligence-Driven Security

January 05, 2015 Added by: Paul Lipman

The emergence of smart, integrated, cloud-based security services will enable a transformation from an alert-centric to an intelligence-centric approach to security. This will vastly enhance the Chief Information Security Officer's (CISO’s) visibility and ultimately deliver substantial improvements in the robustness of the overall security posture.

Comments  (1)

The Three Hop Rule

January 05, 2015 Added by: PCI Guru

At the 2014 Community Meeting, the PCI SSC responded to a question about network segmentation with what has come to be termed the “Three Hop Rule”.

Comments  (2)

PCI Compliance Is Getting More Rigorous

December 29, 2014 Added by: PCI Guru

When Visa and MasterCard trotted out their security standards back in 2002 and 2003, the large eCommerce merchants that got to see them complained that they were too much. Fast forward more than a decade and we still hear complaints that the PCI standards are too much.

Comments  (0)

Depends

December 11, 2014 Added by: Wendy Nather

I've always had a problem with compliance, for a very simple reason: compliance is generally a binary state, whereas the real world is not. Nobody wants to hear that you're a "little bit compliant," and yet that's what most of us are.

Comments  (0)

Significant Change And Periodic

December 09, 2014 Added by: PCI Guru

No words or phrases in the PCI standards elicit more comments and questions than “significant change”, “periodic” and “periodically”.

Comments  (0)

Security in 2015: The Internet Becomes the Corporate Network Perimeter

December 05, 2014 Added by: Paul Lipman

The cloud has been widely hailed as the most disruptive force in modern business. Indeed, the world is in the midst of fundamentally profound transformations, enabled by the cloud, in the ways in which we access and interact with data and applications. Unfortunately, the security industry has not kept pace with these transformational trends, necessitating an equally profound change in the way we s...

Comments  (0)

Phones, Phablets and Clouds - Securing Today’s New Infrastructure

December 03, 2014 Added by: Steve Durbin

Despite the undeniable corporate and consumer interest, the security and privacy implications of cloud and mobile connected devices are concerning many security professionals. Countless organizations are still playing catch up – Bring Your Own Device (BYOD) policies are only starting to be embedded, reviewed and updated. IT departments are overwhelmed with the amount of devices entering the workp...

Comments  (1)

New PoS Malware Used to Target Interactive Kiosks

November 27, 2014 Added by: Eduard Kovacs

A new piece of malware designed to steal data from point-of-sale (PoS) terminals has been found on electronic kiosks, including on public transport ticket vending machines, IntelCrawler reported on Wednesday.

Comments  (2)

Face It, You Are A Poor Judge Of Risk

November 24, 2014 Added by: PCI Guru

I bring this up because the PCI DSS is heading more and more to be driven by risk and the assessment of that risk.

Comments  (5)

Security or Checking a Box?

November 20, 2014 Added by: PCI Guru

What is your organization interested in? Security or checking a box? Not surprisingly, most people answer “security” and then go on to prove with their actions and words that they are only interested in checking a box.

Comments  (1)

Can Hackers Get Past Your Password?

November 05, 2014 Added by: Steve Durbin

Password-based authentication is easy and familiar for customers, and is initially inexpensive for organizations to deploy at scale. But, while password-based authentication may be appropriate in some instances, it is no longer suitable for the wide range of services where it is currently being used.

Comments  (2)

Compliance-Based Infosec Vs Threat-Based Infosec

October 29, 2014 Added by: Brent Huston

Compliance-based infosec, when implemented correctly, is really the best kind of defense there is. The problem is, the only place I’ve ever seen it really done right is in the military.

Comments  (0)
