March 23, 2015 Added by:PCI Guru
For years organizations have complained that they receive varying advice from different QSAs even when the QSAs are from the same firm...To address this situation, the Council is telling all PCI stakeholders that it is up to the organizations being assessed to define the rules of the assessment.
March 19, 2015 Added by:Steve Durbin
The pace and scale of information security threats continues to accelerate, endangering the integrity and reputation of today’s most trusted organizations. Attackers have become more organized, attacks are more refined, and all threats are more dangerous, and pose more risks, to an organization’s reputation than ever before.
March 12, 2015 Added by:Danny Lieberman
A 2011 HIPAA patient privacy violation in Canada, where an imaging technician accessed the medical records of her ex-husband’s girlfriend is illustrative of unauthorized disclosure of patient information by authorized people.
March 04, 2015 Added by:Tripwire Inc
Companies like mine, and consultants like me, have long been instructed and expected to pass on the mantra that the solution to security is compliance with standards and that being in compliance means you are secure. Having worked in the industry for more than a decade, I know that this is demonstrably not true.
March 02, 2015 Added by:Barracuda Networks
The PCI DSS 3.0 is here. Since Jan 1, 2015 organizations under its purview are required to comply with the updated standard. Many of the changes stem from the recent high profile breaches, despite being compliant.
February 25, 2015 Added by:Anthony M. Freed
The Federal Financial Institutions Examination Council (FFIEC) has issued revised Business Continuity Planning (BCP) guidelines for the financial services sector
February 23, 2015 Added by:PCI Guru
I have had a number of questions recently regarding how to deal with the occasional customer that sends cardholder data (CHD) or sensitive authentication data (SAD) to the merchant via email or instant messaging in blatant disregard to security.
Anthem Breach: How Hackers Stole Credentials and Why Two-Factor Authentication May Help Prevent Future Phishing Scams
February 09, 2015 Added by:Thu Pham
If the Anthem attack was carried out as the result of using a single password, their access security wasn’t up to industry standards. Two-factor authentication may have thwarted attacks by requiring the use of a personal device to verify the identity of a system administrator or other technical employee with access to their database of millions of sensitive records.
February 09, 2015 Added by:Joe Weiss
There is still minimal identification of, much less, “connecting the dots” on ICS cyber incidents.
SecurityWeek NCAA Bracket Challenge: Registe... aman mathur on 03-25-2015
Update 3: Hackers May Leak Norton Antivirus ... jhunax Astillero on 03-25-2015
Bridging the Cybersecurity Divide, Why Secur... suresh dwivedi on 03-25-2015