Items Tagged with "PCI DSS"


Ad5130e786d13531cc0f2cde32dacd0f

PCI DSS Risk SIG Announced: Results Will Be Interesting

December 12, 2011 Added by:Andrew Weidenhamer

The one that I am most interested in seeing is the results of is the Risk Assessment SIG. Although IT Risk Assessments has been a term that has been used for decades now, they are still rarely performed and almost always poorly when they are in regard to effectively considering threats...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

Merchant Beware – New Mobile Payment Solution in the Wild

December 12, 2011 Added by:PCI Guru

Even if Square’s software encrypts the data, the underlying OS will also collect the data in cleartext. Forensic examinations of these devices have shown time and again that regardless of what the software vendor did, the data still existed in memory unencrypted...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

PCI Compliance: On Redirects and Reposts

December 08, 2011 Added by:PCI Guru

A number of clients recently prompted me on my take regarding Redirects and Reposts as they attempt to shrink their PCI compliance footprint as small as possible. A lot of them like the idea of the repost because it requires only a simple change to their existing e-Commerce sites...

Comments  (0)

Ad5130e786d13531cc0f2cde32dacd0f

Decrypting QSA Qualifications in a Diluted Market Place

November 21, 2011 Added by:Andrew Weidenhamer

One of the biggest challenges is how to determine which 3rd party QSA company to use. With 120+ QSA companies certified to perform On-Site Assessments in the USA, there is not an easy answer, unless of course price is the only consideration. Unfortunately, sometimes this is the case...

Comments  (0)

Ad5130e786d13531cc0f2cde32dacd0f

Security Scribbling: ISO 27001 vs. PCI Misunderstanding

November 17, 2011 Added by:Andrew Weidenhamer

The problem with using a risk based approach is the manner in which risk is defined and accepted. As long as there is a good Risk Assessment methodology in place and further good reasons and justifications to deal with risk, then using a risk based approach is perfectly acceptable...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

Webcasts: PCI DSS Demystified and Mobile Device Security

November 14, 2011 Added by:Infosec Island Admin

This SC magazine free webcast was inspired by the spate of smaller companies being caught out recently by PCI loopholes then incurring massive reputational and financial damage as a result, plus another on what to do about security as iPads, Smartphones proliferate in the workplace...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

Avatars, Mobiles and Other Security Stories…

November 07, 2011 Added by:Infosec Island Admin

There are so many learning resources out there in our profession, making it hard to know where to go for the really worthwhile insights on key issues like personal devices in the workplace, cloud security etc. Two upcoming online events in these areas that have really got people talking...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

This Year’s PCI SSC SIG Proposals

November 02, 2011 Added by:PCI Guru

This SIG is to be created to guide merchants and service providers in what should be the result of a proper risk assessment, not create another risk assessment methodology. While such an Information Supplement is an admirable ideal, you understand why this SIG is a losing proposition...

Comments  (0)

1156f97fa8f23821bd838fe7d9283d90

Welcome to the PCI Prioritization Approach

October 27, 2011 Added by:David Sopata

Organizations often start implementing security controls on all of their systems throughout the company without really knowing what systems should be in scope or which systems should not be in scope for PCI. Hence, the PCI DSS Prioritization Document and Tool was developed...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

PCI and the Insider Threat

October 24, 2011 Added by:PCI Guru

The biggest problem with the insider threat is that it does not matter how much technology you have to protect your assets as it only takes one person in the right place to neutralize every last bit of your security solutions. Just ask anyone any of the recently breached organizations...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

PCI Defense In Depth

October 17, 2011 Added by:PCI Guru

It has been more than five years since the “sa” default password debacle and yet you still encounter applications that use service accounts to access their database and those service accounts have no password. The rationale? “We did not want to code the password into the application..."

Comments  (0)

07c90faf3632560a12dd6e98069813f2

Avoid Becoming a Security Statistic

October 12, 2011 Added by:Konrad Fellmann

Some organizations hoard data, but have no idea why. A business owner needs to figure out why the data needs to be kept, who will use the data, and how long it needs to be kept for business, legal or contractual reasons. Once defined, IT can implement proper controls to protect the data...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

The EMV-Contactless World According to Visa

October 11, 2011 Added by:PCI Guru

If Visa were to work with the industry to produce a common API for EMV and contactless cards with PIN online, that would drive adoption of more secure cards in the US because there would be a business reason for adoption. Without such a driver, they are still a solution looking for a problem...

Comments  (8)

Fc152e73692bc3c934d248f639d9e963

Notes on the 2011 Verizon Breach Report

October 07, 2011 Added by:PCI Guru

Breaches occur because organizations get sloppy and, even with defense in depth in their security, there are too many controls where execution consistency has dropped leaving gaping holes in the various levels of security. However, once addressed, attackers will find other ways in...

Comments  (1)

959779642e6e758563e80b5d83150a9f

Why Less Log Data is Better

October 05, 2011 Added by:Danny Lieberman

One of the crucial phases in estimating operational risk is data collection: understanding what threats, vulnerabilities you have and understanding not only what assets you have (digital, human, physical, reputational) but also how much they’re worth in dollars...

Comments  (1)

Ad5130e786d13531cc0f2cde32dacd0f

The Holy Grail and the PA-DSS Implementation Guide

October 04, 2011 Added by:Andrew Weidenhamer

As a QSA it is very frustrating to walk in, ask the merchant for the PA-DSS Implementation Guide, and receive a glazed over eye look. It's even more frustrating when you then ask the Vendor/Reseller for the Implementation Guide and they look at you as if you have three heads....

Comments  (0)

Page « < 3 - 4 - 5 - 6 - 7 > »