January 26, 2015 Added by:Mav Turner
Continuous compliance involves constantly reviewing processes and quickly making any necessary updates as a result of deviations from their intended performance. However, despite the fact that continuous compliance is effective at eliminating the gaps between compliance and security, it also greatly increases the complexity of managing compliance.
January 08, 2015 Added by:PCI Guru
With the advent of SAQ A and A-EP, there seems to be confusion as to what meets what for each SAQ. I thought I covered this rather well in my post titled ‘Of Redirects And Reposts’. But apparently that was not clear enough.
January 05, 2015 Added by:Thu Pham
Every organization, regardless of size, is comprised of a variety of sensitive data - from HR and payroll handling medical, financial and personally identifiable employee data to your precious intellectual property. And each of these data types can be sold for a price on the black market, making them valuable to attackers financially as well as for blackmail purposes.
January 05, 2015 Added by:Paul Lipman
The emergence of smart, integrated, cloud-based security services will enable a transformation from an alert-centric to an intelligence-centric approach to security. This will vastly enhance the Chief Information Security Officer's (CISO’s) visibility and ultimately deliver substantial improvements in the robustness of the overall security posture.
December 29, 2014 Added by:PCI Guru
When Visa and MasterCard trotted out their security standards back in 2002 and 2003, the large eCommerce merchants that got to see them complained that they were too much. Fast forward more than a decade and we still hear complaints that the PCI standards are too much.
December 05, 2014 Added by:Paul Lipman
The cloud has been widely hailed as the most disruptive force in modern business. Indeed, the world is in the midst of fundamentally profound transformations, enabled by the cloud, in the ways in which we access and interact with data and applications. Unfortunately, the security industry has not kept pace with these transformational trends, necessitating an equally profound change in the way we s...
December 03, 2014 Added by:Steve Durbin
Despite the undeniable corporate and consumer interest, the security and privacy implications of cloud and mobile connected devices are concerning many security professionals. Countless organizations are still playing catch up – Bring Your Own Device (BYOD) polices are only starting to be embedded, reviewed and updated. IT departments are overwhelmed with the amount of devices entering the workp...
November 27, 2014 Added by:Eduard Kovacs
A new piece of malware designed to steal data from point-of-sale (PoS) terminals has been found on electronic kiosks, including on public transport ticket vending machines, IntelCrawler reported on Wednesday.
November 05, 2014 Added by:Steve Durbin
Password-based authentication is easy and familiar for customers, and is initially inexpensive for organizations to deploy at scale. But, while password-based authentication may be appropriate in some instances, it is no longer suitable for the wide range of services where it is currently being used.
October 13, 2014 Added by:PCI Guru
It has been an interesting time as the December 31, 2014 deadline approaches and version 2 of the PCI DSS comes to its end of life. I have started to notice that there are a lot of security professionals and others that are closet lawyers based on the discussions I have had with some of you regarding compliance with the PCI DSS.
Hacker to Release Symantec's PCAnywhere Sour... Jerry Shaw on 10-05-2015
PoS Malware Kits Rose in Underground in 2014... on 03-17-2015
New PCI Compliance Study... on 03-17-2015