Items Tagged with "PCI DSS"


B451da363bb08b9a81ceadbadb5133ef

Pain Comes Immediately – Secure Development Takes Time

April 17, 2012 Added by:Alexander Rothacker

Once a patch to a vulnerability is released, the vendor should give as much guidance as possible to its customer base so that they can make an informed decision on how to mitigate — may it be a workaround, such as disabling some functionality, configuring compensating controls...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

When Will PCI SSC Stop the Mobile Payment Insanity?

April 10, 2012 Added by:PCI Guru

The merchant is left to their own devices to know whether any of these mobile payment processing solutions can be trusted. I am fearful that small merchants, who are the marketing target of these solutions, will be put out of business should the device somehow be compromised...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

Financial Institutions – Your Time is Coming

April 04, 2012 Added by:PCI Guru

Most financial institutions purchase their software applications from third party development firms. With all of the regulatory changes going on in the financial institution industry, these software firms have been focused on those regulatory changes and not PCI compliance...

Comments  (0)

03b2ceb73723f8b53cd533e4fba898ee

Update on the Visa - MasterCard - GPN Breach

April 03, 2012 Added by:Pierluigi Paganini

Global Payments' announced that Track 2 data was stolen, which is used by the bank. Track 1 data generally refers to the information reported on the front of a bank card. So if this information was stolen along with that contained in Track 2, it is possible to clone a card...

Comments  (0)

83a1969531a4f021a9f7339e222ab995

New Release of COREvidence Multi-Engine Vulnerability Service at RSA Conference

March 29, 2012 Added by:Nabil Ouchn

This newest release comes with a bunch of new features and concepts. The dashboard has been designated to display clear and specific data for our users. At a glance customers can determine the assets with the least secure status. All relevant information is at your fingertips...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

On PCI DSS Compliance Certificates

March 28, 2012 Added by:PCI Guru

All of you processors and acquiring banks that think the only proof of PCI compliance is some mystical PCI DSS Compliance Certificate, stop demanding them. They do not exist and never have. The document you need for proof of PCI compliance is the Attestation Of Compliance, period...

Comments  (0)

A6f413a75686867ef5010ac90b5ceef9

Incident Response and PCI Compliance

March 25, 2012 Added by:Chris Kimmel

One question you should be asking your penetration testing company is, “Do you also test my incident response?” This is an important piece of PCI compliance. As stated by section 12.9 of the PCI DSS v2, a company must implement an IRP and be prepared to respond to an incident...

Comments  (0)

9f19bdb2d175ba86949c352b0cb85572

Understanding Cloud Security Part Two

March 14, 2012 Added by:Neira Jones

Organisations need to ask cloud providers to disclose security controls and how they are implemented, and consuming organisations need to know which controls are needed to maintain the security of their information. Lack of thoroughness can lead to detrimental outcomes...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

PCI: When a Breach is Not a Breach

March 08, 2012 Added by:PCI Guru

The lawsuit points out a disconcerting issue with a cardholder data breach: Any incident investigation initiated by the card brands under the PCI standards is going to focus on PCI compliance and not on whether or not the breach actually occurred...

Comments  (0)

959779642e6e758563e80b5d83150a9f

Data Classification and Controls Policy for PCI DSS

March 01, 2012 Added by:Danny Lieberman

The first step in protecting customer data is to know what sensitive data you store, classify what you have and set up the appropriate controls. Here is a policy for any merchant or payment processor who wants to achieve and sustain PCI DSS 2.0 compliance and protect data...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

AntiSec, Stratfor, WikiLeaks, and Much Ado about Nothing

February 29, 2012 Added by:Infosec Island Admin

Some of us out there know a little bit about how intelligence works. While the likes of WikiLeaks rail about how some are using money and perhaps even sex to sway their sources, the reality is that this game has always been played this way. Intelligence is a dirty business...

Comments  (2)

9f19bdb2d175ba86949c352b0cb85572

Compliance in the Digital Era: Watch Out for the Third Party

February 24, 2012 Added by:Neira Jones

It is crucial that businesses understand which controls are needed to maintain the security of their information assets and it is therefore crucial that suppliers are assessed against the business regulatory and compliance framework...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

Encryption Key Management Primer – Requirement 3.6

February 23, 2012 Added by:PCI Guru

Requirement 3.6.4 always seems to be a sticking point because people get caught up in the key expiration concept. The thing to remember is that whether or not a key expires is typically related to the encryption algorithm such as for those using public key infrastructure...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

Why The Push For EMV Adoption In The United States?

February 20, 2012 Added by:PCI Guru

What is Visa USA trying to prove with this push of EMV? Apparently only Visa USA can tell us because, for the rest of us, there are no business cases we can construct to justify the switch to EMV. Obviously, Visa USA knows something that the rest of us do not. Or do they?

Comments  (2)

959779642e6e758563e80b5d83150a9f

Build Your Security Portfolio Around Attack Scenarios

February 14, 2012 Added by:Danny Lieberman

In the current environment of rapidly evolving types of attacks - hacktivisim, nation-state attacks, credit card attacks mounted by organized crime, script kiddies, competitors and malicious insiders and more - it is essential that IT and security communicate effectively...

Comments  (1)

Fc152e73692bc3c934d248f639d9e963

Encryption Key Management Primer – Requirement 3.5

February 12, 2012 Added by:PCI Guru

The problem with the manual option is that encryption keys are typically needed to boot the secure server or start an application that needs access to encrypted data. The security surrounding the keys becomes problematic as operations personnel need regular access...

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »