Blog
Insights for Reasonable Cyber Security and Compliance
What’s happening in the world of cybersecurity? How do you define 'reasonable' security controls? Which cyber threats can be prevented? What steps should you take to make your systems safer? Read our blog posts to gain new insights into cybersecurity news, security awareness, the latest threats and risks, penetration testing, compliance, regulations and so much more.
Logging, logging and more logging – configuring logging
OK, any information security professional knows that logging is very important. Here are some best practices that we subscribe to when configuring logging:

SAFE Data Act moves one step closer to becoming law
The SAFE Data Act has taken another step towards becoming the nation’s first federal breach notification law. And as the bill proceeds through the legislative process, a debate begins to emerge (imagine that!). There is a lot of noise being made about the fact that the bill requires notification within 48 hours of a breach.

OWASP “Cheat Sheets”
Organizations that must achieve and maintain PCI DSS compliance often have difficulty implementing or redesigning web applications to align with the OWASP Top 10. Raul Siles, an OWASP contributor and SANS ISC Handler, has recently posted an OWASP “cheat sheet” for web application session handling that may be useful when designing and/or reviewing web application session management.
Amy Winehouse’s Death Used in Online Attacks
Here we have another good example of why good security awareness training is so important: the death of Amy Winehouse. Cybercriminals are very quick to take advantage of the latest news to increase the chances of success in their phishing attacks. Does your security awareness training adequately cover this? Do your users understand not to click on links in unsolicited emails, Facebook pages, etc.?
BET24 warns over data breach – 19 months later
As reported by The Register (http://www.theregister.co.uk/2011/07/26/bet24_security_breach/), online gambling site BET24.com notified customers on Monday of a data breach that occurred in December 2009.
Hackers Shift Attacks to Small Firms

In 2010, 63% of breach investigations involved companies with fewer than 100 employees, i.e. small firms. That is up from 27% in 2009, a dramatic increase.
Reducing the Scope for PCI Compliance

The PCI DSS comprises over 200 specific requirements, including technical, administrative and policy controls. For this reason, the first consideration when approaching PCI compliance is determining exactly which parts of the environment must be included within the PCI compliance scope and which need not be, based on the scoping rules provided by the PCI Security Standards Council (see link below for details). Scope reduction is the key to keeping the cost and time required to achieve PCI compliance to a minimum.
PCI Council Releases Revised PA-DSS Eligibility Criteria

On June 29, 2011 the PCI Security Standards Council released a checklist outlining the types of payment applications that are eligible for PA-DSS validation: