Onsite PCI assessments are not cheap. First make certain that you have to comply with the onsite assessment requirement.
Although all of the major card brands are partners in PCI-DSS, the number of transactions is counted by individual card brand.
For example, a merchant that processes 2 million credit card transactions will not necessarily be a Level 2 retailer. What matters for purposes of this requirement is the number of MasterCard transactions. You may have 800,000 MasterCard transactions, 600,000 Visa transactions, and 600,000 transactions with American Express.
via Making PCI Stand For Coordination & Impact : Information Security Resources.
Russo stoutly defended the standard and said that despite questions about its effectiveness, there’s no alternative when it comes to protecting payment card data.
via Q&A: No alternative to PCI, security council chief insists – Network World.
The new worry from CMS, according to Government Health IT, is that healthcare providers sharing EHR files will be required to meet FISMA standards, which include an annual security test and FISMA certification.
via FISMA—a roadblock for EHRs? – OhMyGov! – General News.
Security researchers have uncovered a cache of stolen FTP credentials belonging to a variety of corporations, including Symantec, McAfee, Amazon and the Bank of America.
via Trojan Swipes FTP Credentials for Major Companies in Malware Attack.
Improved FISMA scores don’t add up to better security, auditor says
GAO official says metrics generally don’t measure how well security controls are established
via Improved FISMA scores don’t add up to better security, auditor says — Federal Computer Week.
A researcher at IBM reports having developed a fully homomorphic encryption scheme that allows data to be manipulated without being exposed. Researcher Craig Gentry’s discovery could prove to be important in securing cloud computing environments and fighting encrypted spam.
via IBM Discovers Encryption Scheme That Could Improve Cloud Security, Spam Filtering.
Three days after ceasing operations, owners of the Clear airport security screening service acknowledged that their database of sensitive customer information may end up in someone else’s hands, but only if it goes to a similar provider, authorized by the U.S. Transportation Security Administration.
via Out of business, Clear may sell customer data – Network World.
Now this is interesting – you pay a company an annual fee (in this case $199) and then give them your sensitive data (very sensitive data), then they think it is THEIR data and just feel they have a right to SELL it – simply amazing world we live in …
New legislation continues to pass at a fast clip in the US under the new administration; some of the most revealing actions taken so far include:
more at The Forrester Blog For Security & Risk Professionals.
PricewaterhouseCoopers LLP (PwC) has been awarded a research project by the PCI Security Standards Council (SSC). PwC will perform industry research to support the PCI SSC in determining which technology approaches may be available to help merchants, service providers and processors more effectively secure cardholder data in accordance with the various Standards released by the Council.
via PCI Security Standards Council Selects PricewaterhouseCoopers for Emerging Technology Review and Recommendations Project.