Monthly Archives: June 2009

Making PCI Stand For Coordination & Impact : Daniel Wallace

Onsite PCI assessments are not cheap. First make certain that you have to comply with the onsite assessment requirement.

Although all of the major card brands are partners in PCI-DSS the number of transactions are counted by individual card brand.

For example, a merchant that processes 2 million credit card transactions will not necessarily be a Level 2 retailer. What matters for purposes of this requirement is the number of MasterCard transactions. You may have 800,000 MasterCard transactions, 600,000 Visa transactions, and 600,000 transactions with American Express.

via Making PCI Stand For Coordination & Impact : Information Security Resources.

IBM Discovers Encryption Scheme That Could Improve Cloud Security, Spam Filtering

A researcher at IBM reports having developed a fully homomorphic encryption scheme that allows data to be manipulated without being exposed. Researcher Craig Gentry’s discovery could prove to be important in securing cloud computing environments and fighting encrypted spam.

via IBM Discovers Encryption Scheme That Could Improve Cloud Security, Spam Filtering.

Out of business, Clear may sell customer data – Network World

Three days after ceasing operations, owners of the Clear airport security screening service acknowledged that their database of sensitive customer information may end up in someone else’s hands, but only if it goes to a similar provider, authorized by the U.S. Transportation Security Administration.

via Out of business, Clear may sell customer data – Network World.

Now this is interesting – you pay a company a annual fee (in this case $199) and then give them your sensitive data (very sensitive data), then they think it is THEIR data and just feel they have a right to SELL it – simply amazing world we live in …

New proposed regulations in the US #Compliance #GRC

New legislation continues to pass at a fast clip in the US under the new administration, some of the most revealing actions taken so far include:

more at The Forrester Blog For Security & Risk Professionals.

PCI Security Standards Council Selects PricewaterhouseCoopers for Emerging Technology Review and Recommendations Project #PCI

PricewaterhouseCoopers LLP (PwC) has been awarded a research project by the PCI Security Standards Council (SSC). PwC will perform industry research to support the PCI SSC in determining which technology approaches may be available to help merchants, service providers and processors more effectively secure cardholder data in accordance with the various Standards released by the Council.

via PCI Security Standards Council Selects PricewaterhouseCoopers for Emerging Technology Review and Recommendations Project.