March 02, 2015 Added by: Barracuda Networks
PCI DSS 3.0 is here. Since January 1, 2015, organizations under its purview have been required to comply with the updated standard. Many of the changes stem from the recent high-profile breaches at organizations that were compliant at the time.
February 25, 2015 Added by: Anthony M. Freed
The Federal Financial Institutions Examination Council (FFIEC) has issued revised Business Continuity Planning (BCP) guidelines for the financial services sector.
February 23, 2015 Added by: PCI Guru
I have had a number of questions recently regarding how to deal with the occasional customer that sends cardholder data (CHD) or sensitive authentication data (SAD) to the merchant via email or instant messaging in blatant disregard of security.
Anthem Breach: How Hackers Stole Credentials and Why Two-Factor Authentication May Help Prevent Future Phishing Scams
February 09, 2015 Added by: Thu Pham
If the Anthem attack was carried out using a single password, their access security wasn’t up to industry standards. Two-factor authentication may have thwarted the attack by requiring a personal device to verify the identity of a system administrator or other technical employee with access to their database of millions of sensitive records.
February 09, 2015 Added by: Joe Weiss
There is still minimal identification of ICS cyber incidents, much less any “connecting the dots” between them.
January 28, 2015 Added by: Tripwire Inc
Banks are required by law to follow government regulations, which subject them to specific requirements, restrictions and guidelines. The end goal is, among other things, transparency.
January 26, 2015 Added by: Mav Turner
Continuous compliance involves constantly reviewing processes and quickly making any necessary updates when they deviate from their intended performance. However, although continuous compliance is effective at eliminating the gaps between compliance and security, it also greatly increases the complexity of managing compliance.
January 08, 2015 Added by: PCI Guru
With the advent of SAQ A and A-EP, there seems to be confusion as to what meets what for each SAQ. I thought I covered this rather well in my post titled ‘Of Redirects And Reposts’. But apparently that was not clear enough.
January 05, 2015 Added by: Thu Pham
Every organization, regardless of size, holds a variety of sensitive data, from the medical, financial and personally identifiable employee data handled by HR and payroll to your precious intellectual property. Each of these data types can be sold for a price on the black market, making them valuable to attackers both financially and for blackmail purposes.
January 05, 2015 Added by: Paul Lipman
The emergence of smart, integrated, cloud-based security services will enable a transformation from an alert-centric to an intelligence-centric approach to security. This will vastly enhance the Chief Information Security Officer's (CISO’s) visibility and ultimately deliver substantial improvements in the robustness of the overall security posture.