Logging and Security Information and Event Management (SIEM) are two of the 20 Critical Security Controls that SANS lists for network security. They are also among the more controversial ones. Logs are very much like digital fingerprints for one’s network and applications. They have great value both for noticing exploits (visibility) and for forensically investigating those which have already […]
Author: Viviana Wesley, PCI QSA Do you accept credit cards as a form of payment? If so, take notice of the guidelines outlined by Visa in response to a recent breach at a grocery store chain: http://usa.visa.com/download/merchants/alert-prevent-grocer-malware-attacks-04112013.pdf
The PCI Security Standards Council has released a new Information supplement for PCI DSS Risk Assessment Guidelines. Organizations planning and performing a risk assessment in accordance with PCI DSS 12.1.2 can use the information supplement to help identify threats and the associated vulnerabilities that could jeopardize the security of payment card data.
I’m going to refer back to something from a previous post, the one about Verizon’s 2012 Data Breach Investigations Report and what it says about PCI compliance.
We all know Windows Active Directory is a great solution to centrally manage users and computers.
A Guide to System Hardening:
Latest press release from the PCI Security Standards Council – June 28, 2012:
The PCI Council recently released version 2.0 of the PA-DSS Program Guide, available here, which includes a significant change with regard to the definition of a “minor change” and what it means for Payment Application Vendors. Certain types of changes that would previously have required a complete revalidation of the payment application can now be addressed […]
Allowing updates through WatchGuard firewalls. As you are probably aware by now, the PCI DSS requires that inbound and outbound traffic be limited to that which is necessary for the cardholder data environment, and that the restrictions be documented.
Data Tokenization Considerations