Information Security Awareness – This morning on CNN, there was about five minutes spent talking about things like cloud security, the recent Sony and Lockheed Martin breaches, and the increased need to be aware of where our sensitive data is stored and how it’s being protected.
There is often confusion with the difference between “vulnerability scanning” and “penetration testing“, the latter being synonymous with “ethical hacking”. This article/podcast, from the president of the EC Council, the accreditation body for the Certified Ethical Hacker designation, includes a nice explanation of this very important kind of security testing.
Is Sony’s data security bombshell a second chance for your IT security budget?
The PCI Security Standards Council has released the new PCI DSS Quick Reference Guide, updated for the new version 2.0 of the Payment Card Industry Data Security Standard (PCI DSS).
Visa has announced plans to launch a mobile wallet using NFC (“Near Field Communications”) to facilitate mobile payments. See the detailed announcement from Computerworld here:
Before proceeding, please note that there are many tools and methods that have the ability to scan for weak or blank MS-SQL passwords. SQLPing comes to mind which is a great tool if you’re on a Windows host. Metasploit has the ability to scan for MS-SQL passwords as well but it isn’t ideal for targeted […]
Guidance from NIST for Cloud Computing. With the rapid trend towards leveraging Cloud/SaaS services to outsource aspects of information technology, guidance for how to do so in a secure manner has been somewhat lacking. That has changed with NIST’s release of the following draft guidance:
One of the topics our team of QSA’s gets asked frequently is about what kind of language should be in PCI Service Provider contracts to meet the intent of PCI DSS requirement 12.8.2, which is as follows:
Many of us in IT Security support the best practices outlined in the PCI DSS, but still have a hard time obtaining the executive-level sponsorship needed for a really successful PCI compliance program… A recent study by Imperva and the Ponemon Institute produced some results that may help you make your case for the importance of being PCI […]
Microsoft Security Guides and Compliance Resources. For those of you managing security across Windows-based systems or doing development within a Windows environment, Microsoft has some valuable tools and resources available to help with security and compliance.