Blog
Insights for Reasonable Cyber Security and Compliance
What’s happening in the world of cybersecurity? How do you define 'reasonable' security controls? Which cyber threats can be prevented? What steps should you take to make your systems safer? Read our blog posts to gain new insights into cybersecurity news, security awareness, the latest threats and risks, penetration testing, compliance, regulations and so much more.
PCI Compliance News flash! Most QSAs provide their validation services on a fixed fee basis
PCI Compliance has been around for a while now. It’s funny to me to see QSAs now offering special pricing for services to Level 2 Merchants. Their packaged pricing includes fixed-fee services to help Level 2 Merchants get validated.
Where to Begin?
Sometimes we talk with clients who feel they don’t know where to begin in managing information security. A great first step is a Risk Assessment. A risk assessment recommends treatment for the risks it discovers and then drives remediation of the gaps in risk controls.
Advanced Malware – Assume the Worst
With advanced malware these days, you’ve got to assume you’re probably already infected. Typical testing methods, though good for spotting vulnerabilities, may not find the malware already lurking in your environment.
Security Implications of Leveraging Cloud Computing
Cloud computing is rapidly evolving into a service model that has the potential to save money and create efficiencies for organizations large and small. This new model can help achieve significant cost savings, reduce IT complexity, and increase flexibility in adapting to a changing business environment.
Governance of Enterprise Security
Just read an interesting survey finding. The 2012 survey was done by Carnegie Mellon CyLab, sponsored by RSA. They surveyed how boards and senior executives are governing the privacy and security of their organizations’ digital assets. They used the Forbes Global 2000 list; respondents included CEOs/Presidents (52%), Corporate Secretaries (15%) and Board Chairs (24%).
Your Nerds Don’t Understand Compliance Either.
Don’t understand compliance? On January 18th, Jon Stewart of The Daily Show teased U.S. Representative Mel Watt for failing to understand a bill that he was trying to pass.
Mobile Device Security
Mobile devices have become an important aspect of our personal and professional lives. In today’s networked world, we increasingly rely on mobile devices to access sensitive data on corporate networks. While the benefits of mobile devices are continually expanding, so are the risks.
What type of PA-DSS Payment Application Do I Have?
Vendors looking to have their payment application listed on the Council’s “List of Validated Payment Applications” will see that there are several different categories of payment application. Some might be defined as “Payment Middleware,” “POS Admin,” or “POS Suite.” So how do you even begin to understand the difference among these categories?
March 1 – Your Vendor Contracts Were Supposed to be Updated
The Massachusetts law 201 CMR 17.00, which requires US organizations to protect the PII of Massachusetts residents, went into its final enforcement phase on March 1, 2012. By that date, with no exceptions, businesses that send Massachusetts-based PII to vendors (service providers) needed to have written into those providers’ contracts that the providers will also abide by the law.
Advanced Next Generation Malware
As many companies have already discovered, virus and malware infections are becoming more prevalent than ever, regardless of the AV solutions in place. Malware continues to grow as the greatest threat to intellectual property and network assets. Most companies remain unaware of how widespread the problem is, or even how far malware has propagated across their network.