ICS-ISAC: Understanding and Implementing Shared Situational Awareness

May 01, 2014 Added by:Tripwire Inc

SARA (the Situational Awareness Reference Architecture) provides applicable steps for creating local and shared situational awareness.

Comments  (0)


Security And/Or/Vs/Not Compliance?

May 01, 2014 Added by:Anton Chuvakin

Some recent experiences have led me to believe that quite a few organizations have built a deep chasm between security and compliance.

Comments  (1)


Why SAQ A-EP Makes Sense

April 29, 2014 Added by:PCI Guru

Based on the comments I have seen online and made in personal conversations, you would think that SAQ A-EP was heresy or a bad joke.

Comments  (0)


Rx for Incorrect Compliance Claims and XP

April 14, 2014 Added by:Rebecca Herold

I advise all organizations to identify their systems running XP, determine the risks to PHI of those systems, and then establish a plan to upgrade appropriately and in the nearest time feasible.

Comments  (0)


Pros and Cons of US-Based Cloud Services

March 31, 2014 Added by:Gilad Parann-Nissany

Any company or individual using cloud services today should encrypt data in addition to their firewall, anti-virus and other security measures. Incidentally, it is also encouraged by regulation in several sensitive sectors, notably businesses in the health industry under HIPAA patient and data privacy laws and the payment card industry under PCI DSS standards.

Comments  (0)


Missing the (opportunity of) Target

March 25, 2014 Added by:Jack Daniel

What we have is an opportunity to make customers and some merchants happier by standardizing technology across the globe - and we could slide a little increase in security into the process at the same time.

Comments  (0)


How did it happen?

March 04, 2014 Added by:PCI Guru

It is easy to pillory the guy that got breached. However, a lot of you should look inside your own organizations before tossing stones.

Comments  (0)


Payment Card Breaches: Time to Spread the Risk with Mandatory Cyber Insurance

February 25, 2014 Added by:David Navetta

Payment card breaches are not 100% preventable, and for most merchants over time, are inevitable...As such, rather than focus solely on cumbersome security standards such as PCI-DSS, payment card breaches should be viewed more from an overall risk management perspective.

Comments  (0)


The NIST Framework and what still needs to be done

February 24, 2014 Added by:Joe Weiss

The recently issued NIST Framework on CIP is a good basic top level document. It directly addresses ICS which is a great step forward and I am very happy to see IEC (ISA)-62443 liberally addressed. I believe the shortcoming is the lack of any actual requirements.

Comments  (0)


Highlights From Verizon PCI Report 2014

February 13, 2014 Added by:Anton Chuvakin

The vast majority of organizations are still not sufficiently mature in their ability to implement and maintain a quality, sustainable PCI Security compliance program.

Comments  (0)


Pre-Authorization Data Must be Protected

February 10, 2014 Added by:PCI Guru

Just because it is pre-authorization data does not mean that you are not required to protect it. The Council has made it very clear that it is to be protected with the same rigor as post-authorization data.

Comments  (5)


Compliance Defense– The Movie

February 05, 2014 Added by:Thomas Fox

In honor of The Movie Channel’s annual 28 days of Oscar, the upcoming Academy Awards and inspired by Jay Rosen’s prior career and the FCPA Professor’s hypothetical discussion between a Chief Compliance Officer (CCO) and his Chief Executive Officer (CEO) last week...I thought I might write about 'Compliance Defense- The Movie.'

Comments  (0)


California Attorney General Files Lawsuit Based on Late Breach Notification

February 04, 2014 Added by:David Navetta

While the outcome of this lawsuit is uncertain, breach notification practitioners and companies that handle California personal information should keep an eye on this case and any rulings that come out of it.

Comments  (0)


How serious is the Aurora vulnerability for nuclear plants?

February 04, 2014 Added by:Joe Weiss

This risk is certainly more probable than once in a million years which is the minimum criteria for the safety analysis to address specific threats.

Comments  (0)


U.S. Intelligence Agencies Say May be Compromised

February 04, 2014 Added by:Anthony M. Freed

U.S. intelligence agencies warned the Department of Health and Human Services that the may have been compromised by contractors from Belarus who worked on developing code for the network who are suspected of inserting malicious code.

Comments  (1)


The Perils of Combining Security and Compliance

January 27, 2014 Added by:Robb Reck

There is a natural tendency to lump security and compliance together. Intuitively it just makes sense right? The biggest compliance frameworks like PCI, GLBA, SOX and HIPAA are all looking to ensure that our security is up to snuff. In fact, if we do security right, compliance should come naturally, with very little additional technical work.

Comments  (0)

Page « < 5 - 6 - 7 - 8 - 9 > »