HIPAA

You Make the Rules

March 23, 2015 Added by: PCI Guru

For years organizations have complained that they receive varying advice from different QSAs even when the QSAs are from the same firm... To address this situation, the Council is telling all PCI stakeholders that it is up to the organizations being assessed to define the rules of the assessment.

Comments  (0)

Dangers Accelerate: Increasing Global Threats Loom Over Information Security Landscape

March 19, 2015 Added by: Steve Durbin

The pace and scale of information security threats continue to accelerate, endangering the integrity and reputation of today’s most trusted organizations. Attackers have become more organized, attacks are more refined, and all threats are more dangerous, and pose more risks, to an organization’s reputation than ever before.

Comments  (3)

The 2015 Verizon PCI Report

March 16, 2015 Added by: PCI Guru

The Verizon report is a great read and provides a lot of insights. Everyone should get a copy and read it, take it to heart and address your organization’s security shortcomings.

Comments  (4)

It’s Friends and Family Breaching Patient Privacy – Not Estonian Hackers

March 12, 2015 Added by: Danny Lieberman

A 2011 HIPAA patient privacy violation in Canada, where an imaging technician accessed the medical records of her ex-husband’s girlfriend, is illustrative of unauthorized disclosure of patient information by authorized people.

Comments  (1)

An Audit Versus an Assessment

March 10, 2015 Added by: PCI Guru

A lot of people are always calling their PCI assessment an audit. However, certified public accountants (CPA) would tell them that there is a vast difference between the two.

Comments  (1)

Is Compliance Bad for Security?

March 04, 2015 Added by: Tripwire Inc

Companies like mine, and consultants like me, have long been instructed and expected to pass on the mantra that the solution to security is compliance with standards and that being in compliance means you are secure. Having worked in the industry for more than a decade, I know that this is demonstrably not true.

Comments  (3)

PCI DSS 3.0 Updates and Ramifications for Network and Application Security

March 02, 2015 Added by: Barracuda Networks

The PCI DSS 3.0 is here. Since Jan 1, 2015, organizations under its purview are required to comply with the updated standard. Many of the changes stem from the recent high-profile breaches, despite being compliant.

Comments  (3)

What is a Level 3 Merchant?

March 02, 2015 Added by: PCI Guru

This consistently keeps coming up as an issue because of the confusing definitions on the Visa, MasterCard and Discover Web sites.

Comments  (3)

Owning your own data – Data residency laws

February 26, 2015 Added by: Willy Leichter

A question I get asked a lot at is, “If there is a data center in my region, do I still need to protect my own data if I’m concerned about, say, data residency laws?”

Comments  (5)

FFIEC Adds Cyber-Resilience to Business Continuity Guidelines

February 25, 2015 Added by: Anthony M. Freed

The Federal Financial Institutions Examination Council (FFIEC) has issued revised Business Continuity Planning (BCP) guidelines for the financial services sector.

Comments  (8)

Incidental Contact

February 23, 2015 Added by: PCI Guru

I have had a number of questions recently regarding how to deal with the occasional customer that sends cardholder data (CHD) or sensitive authentication data (SAD) to the merchant via email or instant messaging in blatant disregard of security.

Comments  (4)

Council Surveys QSAs on SSL

February 19, 2015 Added by: PCI Guru

The dilemma we have is that while SSL is dead, it is baked into so many products and appliances.

Comments  (7)

New PCI Compliance Study

February 16, 2015 Added by: PCI Guru

Dr. Branden Williams and the Merchants Acquirer Committee (MAC) have issued a new report on PCI compliance and the impact of breaches on merchants and MAC members.

Comments  (4)

Anthem Breach: How Hackers Stole Credentials and Why Two-Factor Authentication May Help Prevent Future Phishing Scams

February 09, 2015 Added by: Thu Pham

If the Anthem attack was carried out as the result of using a single password, their access security wasn’t up to industry standards. Two-factor authentication may have thwarted attacks by requiring the use of a personal device to verify the identity of a system administrator or other technical employee with access to their database of millions of sensitive records.

Comments  (5)

ACTUAL Domestic and International ICS Cyber Incidents From Common Causes

February 09, 2015 Added by: Joe Weiss

There is still minimal identification of, much less “connecting the dots” on, ICS cyber incidents.

Comments  (5)

Merchant, Service Provider or Both?

February 02, 2015 Added by: PCI Guru

Apparently there are a lot of newcomers to the PCI compliance business, and they are asking bizarre questions regarding PCI. One of the most common is whether their organization is a merchant or a service provider or both.

Comments  (3)
