Tag Archives: ISO

THE FTC IS TELLING US THAT PCI DSS CERTIFICATION IS NOT ENOUGH. NOW WHAT?

As part of its enduring interest in LifeLock, Inc., the Federal Trade Commission issued the following statement on December 17, 2015, “PCI DSS certification is insufficient in and of itself to establish the existence of reasonable security protections … the existence of a PCI DSS certification is an important consideration in, but by no means […]

SEIM Many Logging Options – What to Do?

Log and Security Event Information Management are two of the 20 Controls that SANS lists for network security. They are also some of the more controversial ones. Logs are very much like digital fingerprints for one’s network and applications. It has great value for both noticing exploits (visibility) and forensically investigating those which have already […]