Blog
Insights for Reasonable Cyber Security and Compliance
What’s happening in the world of cybersecurity? How do you define 'reasonable' security controls? Which cyber threats can be prevented? What steps should you take to make your systems safer? Read our blog posts to gain new insights into cybersecurity news, security awareness, the latest threats and risks, penetration testing, compliance, regulations and so much more.
Where does Data Loss Prevention (DLP) fit into a Risk Management Framework?
As stated in a previous post, effective Data Loss Prevention (DLP) will be an important component of an overall Risk Management Framework. The Risk Management framework should include the following: (more…)
Data Classification
Data Classification – Determining what constitutes “sensitive data” is usually not a difficult thing for most people. For me personally, it would be my social security #, my account information – banking, credit card information. And, sadly as the years go by, my birthdate is getting to be more sensitive… (more…)
Fun with Social Engineering
I recently wrote about Security Awareness Training, and mentioned that a well-trained staff and general employee population can be a good deterrent against Social Engineering practitioners. Social Engineering is a service offering of Halock Security Labs, and it’s probably one of our team’s favorite exercises. Social engineering is basically a test of the security awareness of your employees. (more…)
I’m NOT PCI compliant, what should I do?
I’ve spoken with several people in the past few months that have come right out and said that they believed they were not compliant with the PCI and were simply unsure what to do. Their questions were basically the same; what should we do first, who should we tell, how long will this take, and the most popular – how much will it cost to become compliant? (more…)
Tips for PCI DSS Compliance – Compliance is Important, but So Is Security
The folks at processor.com have published an article with some helpful insights and suggestions for companies working on achieving or maintaining PCI DSS compliance. (more…)
Cyber Security Awareness Training – It’s the smart thing to do!
Cyber Security Awareness Training – There is plenty of technology that can be applied in all manner of ways to help protect against a breach, but if the employee culture doesn’t embrace being mindful of security, it makes the CISO’s job a little harder. (more…)
PCI DSS 11.2 and 11.3
A quick note about PCI DSS compliance and scanning vs. penetration testing and PCI DSS 11.2 and 11.3. Often (too often) when I’m talking with organizations about their PCI compliance, they respond that they’re already compliant and they already have someone doing their quarterly scanning for them. That’s great, I say! Then I ask about their internal/external Penetration Testing. (more…)
PCI DSS v2.0 – Summary of Changes
PCI DSS v2.0 has been released. So what now? Summary of Changes: (more…)
Patch Management Should be Core to Operations
SC Magazine published a good article explaining why patch management has become such a critical aspect of information security. (more…)