Blog Posts Tagged with "Assurance"


More on PCI Scoping

June 22, 2012 Added by: PCI Guru

“At least annually and prior to the annual assessment, the assessed entity should confirm the accuracy of their PCI DSS scope by identifying all locations and flows of cardholder data and ensuring they are included in the PCI DSS scope”...



Keeping Security Relevant: From Control to Governance in the Cloud

May 11, 2012 Added by: Rafal Los

When someone mentions public cloud, you quickly see the polarizing effects the topic has, generating a very negative reaction to the idea of putting anything corporate in the public cloud. What does that mean for the future of corporate information security and risk management?



SOC 2: The Customer Security Questionnaire Killer

May 07, 2012 Added by: Jon Long

User organizations figured out a long time ago that if they want confirmation of how secure their suppliers are, they have to find out for themselves because a sufficient third party attestation did not exist. This is also where the challenge to service auditors is...



CISSP Reloaded Domain 5: Security Architecture and Models

April 09, 2012 Added by: Javvad Malik

This domain has a good title and there is probably a lot one can talk about. There are not enough competent security architects on the market. Sure, you can get a lot of penetration testers or risk and compliance type people. But good architects are hard to come by...



Security Versus Compliance

December 05, 2010 Added by: Alexander Rothacker

Most corporations do not have strong security cultures. Who with a budget is going to understand the anatomy of a database attack? Security advancements at many corporations are uphill battles that are largely enabled by compliance projects. Remember, the gold is in the database...
