Tag Archives: NIST

THE FTC IS TELLING US THAT PCI DSS CERTIFICATION IS NOT ENOUGH. NOW WHAT?

As part of its enduring interest in LifeLock, Inc., the Federal Trade Commission issued the following statement on December 17, 2015, “PCI DSS certification is insufficient in and of itself to establish the existence of reasonable security protections … the existence of a PCI DSS certification is an important consideration in, but by no means […]

REDUCING RISKS THROUGH COMPENSATION: HOW TO INSTITUTIONALIZE RISK MANAGEMENT IN EMPLOYEE INCENTIVE COMPENSATION PLANS

Has your organization been struggling to achieve its compliance goals? Whether your organization is new to risk management or you’ve been struggling with compliance for some time, making compliance a part of every employee’s compensation plan is a smart strategy. This can get everyone in your organization thinking about information security and make compliance an […]

PCI DSS v3.1 Coming – SSL No Longer Considered Strong Cryptography

Author: Viviana Wesley, PCI QSA

In a recent bulletin the Payment Card Industry Security Standards Council (PCI SSC) stated that updates will be forthcoming to the Data Security Standard (DSS) version 3.0 – and very soon. The change is related to vulnerabilities seen with Secure Sockets Layer cryptography.

Beyond Target®: Why Vendor Risk Management is Getting All of the Hype

Author: Terry Kurzynski, ISO 27001 Auditor, CISSP, CISA, PCI QSA

The Target® Breach in November 2013 lives infamously in our memories and has served as a pivot point for all businesses with regard to third-party vendor management. After all, who could have imagined that the giant retailer would have been breached through a seemingly insignificant […]

Darrell Issa Just Learned the Difference Between Compliance and Security. Let’s Hope for a Payoff.

Darrell Issa’s House Committee on Oversight and Government Reform has been busy looking into the security of the healthcare.gov website and its connected systems.