August 26, 2014 Added by:Rebecca Herold
Many marketing professionals have a common temptation; they want to send as many marketing messages to as many people as possible, and they would love to send it to all folks who have ever been customers or clients of their business, and often times actually want to simply send to everyone whose email address they can obtain in any way.
August 25, 2014 Added by:PCI Guru
I have been encountering a lot of organizations that are confused about the difference between the PCI SSC’s point-to-point encryption (P2PE) certified solutions and end-to-end encryption (E2EE). This is understandable as even those in the PCI community are confused as well.
August 19, 2014 Added by:Mike Lennon
TrustedSec, citing sources familiar with the incident, said on Tuesday that the initial attack vector was through the infamous “Heartbleed” vulnerability in OpenSSL which provided the attackers a way in, eventually resulting in the compromise of patient data.
August 14, 2014 Added by:PCI Guru
The argument in PCI circles is the definition of “all other systems”. Some of us believed that it meant systems other than those in-scope. Other people believed that it had to refer to only in-scope systems such as a user workstation.
August 14, 2014 Added by:Patrick Oliver Graf
It’s Groundhog Day all over again for retailers, following the U.S. Department of Homeland Security’s warning that they could, once again, be exploited by malicious actors.
August 11, 2014 Added by:PCI Guru
In part 2 we discussed the criticality of a risk assessment and started on implementing the framework with fixing monitoring and alerting so that we can properly manage the risk we will be accepting. In this part I will deal with Category 2 and 3 systems and how to manage their risk.
August 07, 2014 Added by:Joe Weiss
As with the other papers, the paper chairs reflect the upper strata in political Washington. Unfortunately, like the other papers, there is a lack of control system expertise that has been applied even though I was told more than 200 people worked on the paper.
August 06, 2014 Added by:Dan Dieterle
Recently I was talking with a Retail Point of Sale (POS) software expert and was told how a POS system was hacked by an attacker that had gained access to the network through a video security system.
August 04, 2014 Added by:Rebecca Herold
Information security and privacy have a lot of overlaps, but they ultimately involve different actions and different goals, and require those performing them to be able to take different perspectives.
July 30, 2014 Added by:Joe Weiss
My database of actual ICS cyber incidents is >350 and growing. I certainly hope people wake up before it is too late.
July 22, 2014 Added by:Joe Weiss
It is important to understand the validity of the observations and conclusions as this report is being widely quoted.
July 21, 2014 Added by:PCI Guru
Apparently, I struck a nerve with small business people trying to comply with PCI. In an ideal world, most merchants would be filling out SAQ A, but we do not live in an ideal world. As a result, I have collected some ideas on how merchants can make their lives easier.
July 16, 2014 Added by:Rafal Los
Compliance attestations. Quality seals like “Hacker Safe!” All of these things bother most security people I know because to us, these provide very little insight into the security of anything in a tangible way. Or do they?
Hacker to Release Symantec's PCAnywhere Sour... Jerry Shaw on 10-05-2015
PoS Malware Kits Rose in Underground in 2014... on 03-17-2015
New PCI Compliance Study... on 03-17-2015