HIPAA

Backoff PoS Malware: Are You Infected and Don't Know It?

August 27, 2014 Added by: Tripwire Inc

According to the Secret Service, Backoff malware has affected an additional 1,000 businesses, hit by the same type of cyberattack that stole the personal information of millions of Target customers last year.

Avoid this Common Privacy Choice Mistake

August 26, 2014 Added by: Rebecca Herold

Many marketing professionals have a common temptation: they want to send as many marketing messages to as many people as possible, and they would love to send them to all folks who have ever been customers or clients of their business, and oftentimes actually want to simply send to everyone whose email address they can obtain in any way.

P2PE Versus E2EE

August 25, 2014 Added by: PCI Guru

I have been encountering a lot of organizations that are confused about the difference between the PCI SSC’s point-to-point encryption (P2PE) certified solutions and end-to-end encryption (E2EE). This is understandable as even those in the PCI community are confused as well.

Hackers Exploited Heartbleed Bug to Steal Patient Data from Community Health Systems

August 19, 2014 Added by: Mike Lennon

TrustedSec, citing sources familiar with the incident, said on Tuesday that the initial attack vector was through the infamous “Heartbleed” vulnerability in OpenSSL which provided the attackers a way in, eventually resulting in the compromise of patient data.

Requirement 10.6.2 Clarification

August 14, 2014 Added by: PCI Guru

The argument in PCI circles is the definition of “all other systems”. Some of us believed that it meant systems other than those in-scope. Other people believed that it had to refer to only in-scope systems such as a user workstation.

It’s Time for Retailers to Tell Point-of-Sale Hackers to ‘Back Off’

August 14, 2014 Added by: Patrick Oliver Graf

It’s Groundhog Day all over again for retailers, following the U.S. Department of Homeland Security’s warning that they could, once again, be exploited by malicious actors.

The Dilemma of PCI Scoping - Part 3

August 11, 2014 Added by: PCI Guru

In part 2 we discussed the criticality of a risk assessment and started on implementing the framework with fixing monitoring and alerting so that we can properly manage the risk we will be accepting. In this part I will deal with Category 2 and 3 systems and how to manage their risk.

Another Washington Think Tank Paper on Critical Infrastructure - Another Miss

August 07, 2014 Added by: Joe Weiss

As with the other papers, the paper chairs reflect the upper strata in political Washington. Unfortunately, like the other papers, there is a lack of control system expertise that has been applied even though I was told more than 200 people worked on the paper.

The Dilemma of PCI Scoping – Part 2

August 06, 2014 Added by: PCI Guru

Today’s integrated and connected world just does not lend itself to an isolationist approach due to the volume of information involved, business efficiencies lost and/or the operational costs such an approach incurs.

Retail POS System Compromised Through Video Security System

August 06, 2014 Added by: Dan Dieterle

Recently I was talking with a Retail Point of Sale (POS) software expert and was told how a POS system was hacked by an attacker that had gained access to the network through a video security system.

Security is Action…Privacy is the Result of Action

August 04, 2014 Added by: Rebecca Herold

Information security and privacy have a lot of overlaps, but they ultimately involve different actions and different goals, and require those performing them to be able to take different perspectives.

Real Hacks of Critical Infrastructure are Occurring – Information Sharing is Not Working

July 30, 2014 Added by: Joe Weiss

My database of actual ICS cyber incidents is >350 and growing. I certainly hope people wake up before it is too late.

The Dilemma of PCI Scoping - Part 1

July 28, 2014 Added by: PCI Guru

Based on the email comments of late, there are apparently a lot of you out there that really do not like the Open PCI Scoping Toolkit.

The Unisys Ponemon study – Is It Actually Relevant to ICSs

July 22, 2014 Added by: Joe Weiss

It is important to understand the validity of the observations and conclusions as this report is being widely quoted.

Keeping it Simple - Part 1

July 21, 2014 Added by: PCI Guru

Apparently, I struck a nerve with small business people trying to comply with PCI. In an ideal world, most merchants would be filling out SAQ A, but we do not live in an ideal world. As a result, I have collected some ideas on how merchants can make their lives easier.

Compliance and Security Seals from a Different Perspective

July 16, 2014 Added by: Rafal Los

Compliance attestations. Quality seals like “Hacker Safe!” All of these things bother most security people I know because to us, these provide very little insight into the security of anything in a tangible way. Or do they?
