Blog Posts Tagged with "Security Audits"

Fc152e73692bc3c934d248f639d9e963

Some Opinions On PCI Self-Assessment Questionnaires

July 12, 2011 Added by:PCI Guru

Since there are multiple ways to conduct a transaction, no single SAQ will cover all of these transaction methods. And since an organization is only supposed to fill out and submit one SAQ to their acquiring bank, the question becomes, which SAQ should the organization use?

Comments  (0)

C787d4daae33f0e155e00c614f07b0ee

Infosec and Internal Audit Working Together

July 11, 2011 Added by:Robb Reck

The difference between security and internal audit is slight, but significant. We are both looking to address risk, but security is considered a part of the business, and audit must be an impartial third party. By working together both teams can become better at what they do...

Comments  (3)

4085079c6fe0be2fd371ddbac0c3e7db

What is a Kernel Level Audit Trail?

July 11, 2011 Added by:Jamie Adams

Few people understand how audit records are generated or the difference between a kernel level audit trail and an application event log. It is critical to configure auditing and logging mechanisms to capture the right data to safeguard the data to prevent it from being modified...

Comments  (0)

99edc1997453f90eb5ac1430fd9a7c61

Cynical Security Cliches

June 17, 2011 Added by:Javvad Malik

Auditors are always trying to pin something on security departments. They’ll doggedly pursue every lead, using their statement of work as an all-access pass to the security procedures. Worse, the cynic can even find himself becoming a chief suspect in his own investigation...

Comments  (1)

0dc5fdbc98f80f9aaf2b43b8bc795ea8

Cloud Computing, Security, and You

June 16, 2011 Added by:Global Knowledge

There are many benefits of cloud computing, yet cloud computing also brings significant security concerns when moving critical applications and sensitive data to public and shared cloud environments. Here are five things to keep in mind when considering cloud based services...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

PCI Self-Assessment Questionnaires

June 09, 2011 Added by:PCI Guru

Where most organizations go wrong with the original SAQ C is when they have an integrated POS that connects back to a corporate network. Remote management is allowed in this environment, but the entity that remotely connects must not have uncontrolled access to the POS environment...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

Draft PCI DSS v2.0 “Scorecard” Released

May 18, 2011 Added by:PCI Guru

The biggest change I have found thus far is the removal of the requirement to observe network traffic as the Network Monitoring column is gone. Prior to this point, QSAs were required to obtain network traffic via WireShark or similar tool to prove that network traffic is encrypted...

Comments  (0)

59d9b46aa00c70238bb89056cfeb96c0

How to Use Your FCPA Audit

May 18, 2011 Added by:Thomas Fox

In short, do not be afraid of the results and use Paul McNulty’s maxims of “what did you find” and “what did you do about it”. After you have completed the FCPA audit, what steps should you take? This post will explore some of the issues related to the evaluation and response...

Comments  (0)

3e35900ae6facc6c146a85c435c71d82

Auditing Security, Measuring Risk, and Promoting Compliance

May 11, 2011 Added by:Ben Rothke

In most corporate networks today, the perimeter has been significantly collapsed. If you compound that with increased connectivity, third-party access, and then bring in advanced persistent threats into the equation, it is no longer a simple endeavor to protect a network...

Comments  (0)

9259e8d30306ac2ef4c5dd1936e67634

Does ISO 27001 Mean That Information is 100% Secure?

May 10, 2011 Added by:Dejan Kosutic

ISO 27001 certification guarantees that the company complies with the standard and with its own security rules; it guarantees that the company has taken all the relevant security risks into account and that it has undertaken a comprehensive approach to resolve major risks...

Comments  (1)

Fc152e73692bc3c934d248f639d9e963

PCI QSA Re-Certification – 2011 Edition

May 10, 2011 Added by:PCI Guru

Regardless of whether or not software is PA-DSS certified, the bottom line is that a QSA is going to be required to assess the application for compliance with the PCI DSS and will have more work effort if the software is not PA-DSS certified...

Comments  (0)

Ebb72d4bfba370aecb29bc7519c9dac2

PCI Security Compliance: Q and A with Anton Chuvakin

April 22, 2011 Added by:Anton Chuvakin

PCI DSS and other PCI standards were intended as a baseline set of security practices, not as a comprehensive, upper limit on security. For various reasons, it is hard for many organizations to understand that. What results is a false sense of security and a mistaken sense of betrayal...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Nuclear Research Facility Lacks Adequate Cyber Security

April 21, 2011 Added by:Headlines

"Without improvements, the weaknesses identified may limit program and site-level officials' ability to make informed risk-based decisions that support the protection of classified information and the systems on which it resides," a federal audit concluded...

Comments  (0)

Ebb72d4bfba370aecb29bc7519c9dac2

Detailed FISMA Logging Guidance Continued

April 18, 2011 Added by:Anton Chuvakin

Configuring tools needs to happen after the policy is created. Goals first, infrastructure choices second. In case of privacy and other regulations on top of FISMA, the legal department should also have their say, however unpalatable it may be to the security team...

Comments  (0)

Ebb72d4bfba370aecb29bc7519c9dac2

Detailed FISMA Logging Guidance

April 14, 2011 Added by:Anton Chuvakin

FISMA emphasizes the need for each Federal agency to develop, document, and implement an organization-wide program to secure the information systems that support its operations and assets. Here is what is likely needed for a successful FISMA-driven log management implementation...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

NASA Systems Are Still Too Vulnerable to Attack

March 31, 2011 Added by:Dan Dieterle

Serious security gaps were found at NASA during a recent audit. The fact that a government run entity has been attacked, and then apparently ignored a plan to remedy the situation, speaks volumes about our nation's ability - or maybe better said desire - to thwart hacking attempts...

Comments  (0)

Page « < 2 - 3 - 4 - 5 - 6 > »
Most Liked