Blog
Insights for Reasonable Cyber Security and Compliance
What’s happening in the world of cybersecurity? How do you define 'reasonable' security controls? Which cyber threats can be prevented? What steps should you take to make your systems safer? Read our blog posts to gain new insights into cybersecurity news, security awareness, the latest threats and risks, penetration testing, compliance, regulations and so much more.
Cybercrime on the Rise
Saw an interesting article right in the Chicago Tribune’s Sunday Magazine section about information security – Cybercrime is on the rise. I love that cyber security is not only making the news, but it’s right in front of you when you’re settling in with your coffee and Sunday newspaper (for those of us who still read newsprint).
PCI Council Releases PCI DSS Tokenization Guidelines
The PCI Security Standards Council has released a new Information Supplement, titled “PCI DSS Tokenization Guidelines”, that provides additional clarification regarding the use of tokenization technologies and services to reduce the scope of PCI compliance.
Who is safeguarding your customers’ sensitive data?
Who is safeguarding your customers’ sensitive data? I’ve been reading with wonder, as I’m sure many of you have, about the seemingly endless parade of breaches for companies small & large. Increasingly, it isn’t the company reporting the breach that is the cause of the issue; rather it has been partners or service providers to those companies.
Logging, logging and more logging – configuring logging
OK, any Information Security professional knows that logging is very important. Here are some best practices that we subscribe to when configuring logging.
SAFE Data Act moves one step closer to becoming law
The SAFE Data Act has taken another step towards becoming the nation’s first federal breach notification law. And as the bill proceeds through the legal process, a debate begins to emerge (imagine that!). There is a lot of noise being made about the fact that the bill requires notification within 48 hours of a breach.
OWASP “Cheat Sheets”
Organizations that must achieve and maintain PCI DSS compliance often have difficulty implementing or redesigning web applications to align with the OWASP Top 10. Raul Siles, an OWASP contributor and SANS ISC Handler, has recently posted an OWASP “cheat sheet” for web application session handling that may be useful when designing and/or reviewing web application session management.
Amy Winehouse’s Death Used in Online Attacks
Here we have another good example of why good security awareness training is so important – Amy Winehouse. Cybercriminals are very quick to take advantage of the latest news to increase the chances of success in their phishing attacks. Does your security awareness training adequately cover this? Do your users understand not to click on those links in unsolicited emails, Facebook pages, etc.?
BET24 warns over data breach – 19 months later
As reported by The Register (http://www.theregister.co.uk/2011/07/26/bet24_security_breach/), online gambling site BET24.com notified customers on Monday of a data breach that occurred in December 2009.
Hackers Shift Attacks to Small Firms
In 2010, 63% of breach investigations involved companies with fewer than 100 employees – small firms. That’s up from 27% in 2009 – a dramatic increase.