Merchant, Service Provider or Both?

February 02, 2015 Added by: PCI Guru

Apparently there are a lot of newcomers to the PCI compliance business who are asking bizarre questions regarding PCI. One of the most common is whether their organization is a merchant, a service provider or both.

Comments  (1)


Thought Experiment: Mandatory Online Banking Security Standards

January 28, 2015 Added by: Tripwire Inc

Banks are required by law to follow government regulations; these subject the banks to specific requirements, restrictions and guidelines. The end goal is, among other things, transparency.

Comments  (3)


End of Life

January 27, 2015 Added by: PCI Guru

This topic has started to come up again as we go through PA-DSS research on applications and find that the listings contain operating systems that are at or past end of life (EOL).

Comments  (4)


Three Compliance Trends to Watch in 2015

January 26, 2015 Added by: Mav Turner

Continuous compliance involves constantly reviewing processes and quickly making any necessary updates as a result of deviations from their intended performance. However, despite the fact that continuous compliance is effective at eliminating the gaps between compliance and security, it also greatly increases the complexity of managing compliance.

Comments  (2)


SAQ A and SAQ A-EP Clarification

January 08, 2015 Added by: PCI Guru

With the advent of SAQ A and A-EP, there seems to be confusion as to what meets what for each SAQ. I thought I covered this rather well in my post titled ‘Of Redirects And Reposts’. But apparently that was not clear enough.

Comments  (5)


Does Your Valuable Data Belong to Hackers?

January 05, 2015 Added by: Thu Pham

Every organization, regardless of size, holds a variety of sensitive data - from HR and payroll handling medical, financial and personally identifiable employee data to your precious intellectual property. And each of these data types can be sold for a price on the black market, making them valuable to attackers financially as well as for blackmail purposes.

Comments  (6)


Moving from Alert-Driven to Intelligence-Driven Security

January 05, 2015 Added by: Paul Lipman

The emergence of smart, integrated, cloud-based security services will enable a transformation from an alert-centric to an intelligence-centric approach to security. This will vastly enhance the Chief Information Security Officer's (CISO’s) visibility and ultimately deliver substantial improvements in the robustness of the overall security posture.

Comments  (1)


The Three Hop Rule

January 05, 2015 Added by: PCI Guru

At the 2014 Community Meeting, the PCI SSC responded to a question about network segmentation with what has come to be termed the “Three Hop Rule”.

Comments  (2)


PCI Compliance Is Getting More Rigorous

December 29, 2014 Added by: PCI Guru

When Visa and MasterCard trotted out their security standards back in 2002 and 2003, the large eCommerce merchants that got to see them complained that they were too much. Fast forward more than a decade and we still hear complaints that the PCI standards are too much.

Comments  (0)



December 11, 2014 Added by: Wendy Nather

I've always had a problem with compliance, for a very simple reason: compliance is generally a binary state, whereas the real world is not. Nobody wants to hear that you're a "little bit compliant," and yet that's what most of us are.

Comments  (0)


Significant Change And Periodic

December 09, 2014 Added by: PCI Guru

No words or phrases in the PCI standards elicit more comments and questions than “significant change”, “periodic” and “periodically”.

Comments  (0)


Security in 2015: The Internet Becomes the Corporate Network Perimeter

December 05, 2014 Added by: Paul Lipman

The cloud has been widely hailed as the most disruptive force in modern business. Indeed, the world is in the midst of fundamentally profound transformations, enabled by the cloud, in the ways in which we access and interact with data and applications. Unfortunately, the security industry has not kept pace with these transformational trends, necessitating an equally profound change in the way we s...

Comments  (0)


Phones, Phablets and Clouds - Securing Today’s New Infrastructure

December 03, 2014 Added by: Steve Durbin

Despite the undeniable corporate and consumer interest, the security and privacy implications of cloud and mobile connected devices are concerning many security professionals. Countless organizations are still playing catch up – Bring Your Own Device (BYOD) policies are only starting to be embedded, reviewed and updated. IT departments are overwhelmed with the number of devices entering the workp...

Comments  (0)


New PoS Malware Used to Target Interactive Kiosks

November 27, 2014 Added by: Eduard Kovacs

A new piece of malware designed to steal data from point-of-sale (PoS) terminals has been found on electronic kiosks, including on public transport ticket vending machines, IntelCrawler reported on Wednesday.

Comments  (2)


Face It, You Are A Poor Judge Of Risk

November 24, 2014 Added by: PCI Guru

I bring this up because the PCI DSS is heading more and more to be driven by risk and the assessment of that risk.

Comments  (5)


Security or Checking a Box?

November 20, 2014 Added by: PCI Guru

What is your organization interested in? Security or checking a box? Not surprisingly, most people answer “security” and then go on to prove with their actions and words that they are only interested in checking a box.

Comments  (1)
