Searching for the Meaning of Reasonable Security
After your organization has a data breach, what would you say to a judge who asked whether your safeguards were ‘reasonable’?
If you are a Level 1 or Level 2 merchant, complying with the Payment Card Industry Data Security Standard (PCI DSS) continues to get more complicated. The stakes have never been higher for large organizations that process payments. With major data breaches constantly in the headlines like Target, Home Depot, JP Morgan Chase and countless […]
Early on in my information security career I was auditing a firm that conducted complex economic analyses for their clients. They processed a lot of personal information and they wanted to be sure they were applying appropriate controls to safeguard that information. Part of their business model was to charge their clients per hour for […]
Managers often think about compliance in terms of policies. There is something concrete, achievable and finite about them. And they are required by laws and regulations for protecting information and systems. But too often managers think of policies as a finish line for compliance. Need to be compliant? Then write a bunch of new policies […]
Exactly which settings need to be enabled for the audit (logging) policy on Windows systems in order to meet the intent of PCI DSS requirements 10.2.x? Trying to understand all the individual event IDs associated with each Windows audit policy is your first step in trying to determine the answer to this question! But after a […]