PCI DSS requirements say many things about network security to keep cardholder data safe and protected when it is stored, transmitted and processed. How we can achieve the…
The cardholder data breach is not a new thing. It has been a nightmare for every CIO in the world. Dancho Danchev's blog has an interesting article on how these…
NIST has published the final version of their guide on Computer Security Incident Handling. This guide is based on the best practices adopted by governments, other non-commercial organizations and…
Many information security professionals, even in senior-level roles, are still getting internal control mechanisms such as Dual Control and Segregation of Duties wrong. I often see that…
Patch management is one of the major IT security concerns that most organizations worry about. It is practically not possible to have 100% of the IT infrastructure…
Security breaches have become a common thing these days. They hit the front page only when the size or importance of the breach becomes huge. The recent security breach at…
Usernames and passwords are still the major method of authenticating users to systems. It would be difficult to find someone without a username and password in the workplace.…
Businesses are increasing their dependence on cloud computing solutions. PCI DSS compliance is often a concern for many organizations when considering cloud or virtualized solutions. As mentioned in one of…
Cloud computing is gaining momentum in the business world. More and more businesses want to increase their IT usage in the cloud, utilizing cloud computing benefits such as faster…
The Division of Corporation Finance at the Securities and Exchange Commission has released guidance on reporting cyber security risks and cyber incidents. This has come after the realization of the SEC…