Blog
Insights for Reasonable Cyber Security and Compliance
What’s happening in the world of cybersecurity? How do you define 'reasonable' security controls? Which cyber threats can be prevented? What steps should you take to make your systems safer? Read our blog posts to gain new insights into cybersecurity news, security awareness, the latest threats and risks, penetration testing, compliance, regulations and so much more.
PCI DSS Quick Reference Guide v2.0 Released
The PCI Security Standards Council has released the new PCI DSS Quick Reference Guide, updated for the new version 2.0 of the Payment Card Industry Data Security Standard (PCI DSS).
Visa to Launch Mobile Wallet in U.S. this Fall
Visa has announced plans to launch a mobile wallet using NFC (“Near Field Communication”) to facilitate mobile payments. See the detailed announcement from Computerworld here:
Scanning for Weak MS-SQL Passwords Using Nmap and Medusa
Before proceeding, please note that there are many tools and methods that have the ability to scan for weak or blank MS-SQL passwords. SQLPing comes to mind, which is a great tool if you’re on a Windows host. Metasploit has the ability to scan for MS-SQL passwords as well, but it isn’t ideal for targeted lists, and it can take time trying to connect to hosts that don’t have SQL installed. I could probably write a few extra pages just about tools and methods, so I’ll stop there and get started.
New Draft Guidance from NIST for Cloud Computing
With the rapid trend towards leveraging Cloud/SaaS services to outsource aspects of information technology, guidance on how to do so in a secure manner has been somewhat lacking. That has changed with NIST’s release of the following draft guidance:
Study finds that PCI compliant companies suffer far fewer data breaches
Many of us in IT Security support the best practices outlined in the PCI DSS, but still have a hard time obtaining the executive-level sponsorship needed for a really successful PCI compliance program. A recent study by Imperva and the Ponemon Institute produced some results that may help you make your case for the importance of being PCI compliant:
Microsoft Security Guides and Compliance Resources
For those of you managing security across Windows-based systems or doing development within a Windows environment, Microsoft has some valuable tools and resources available to help with security and compliance.
New PCI Guidance Issued for Call Centers
The PCI Council has published new guidance for call centers handling credit cards via telephone, especially when VoIP is used; the guidance also addresses issues surrounding the storage of recorded calls.
PCI’s Impact on Security – Quantified
A recent study by Imperva provides some interesting insights into the impact PCI compliance is having on the likelihood of a security breach.
The True Cost of Compliance
An interesting benchmark study, published in January 2011 by the Ponemon Institute and commissioned by Tripwire, Inc., entitled “The True Cost of Compliance”, examined 46 companies and involved interviews with 160 functional leaders.