Author Archive
More On PCI DSS 2.0 « #PCI
The biggest news out of this presentation is that requirement 6.5 will now apply to all in-scope applications, not just Internet-facing or browser-based applications. Based on all of the breach research that has been conducted, they have finally realized that any application in the cardholder data environment (CDE) is a potential hazard, not just those [...]
Visa Provides Guidance on Secure Implementation and Management of Payment Applications — SAN FRANCISCO, Aug. 24 /PRNewswire/ –
Visa today announced global industry best practices for payment application vendors, integrators and resellers that implement, install or manage payment-related systems on behalf of merchants. The best practices developed by Visa in collaboration with the SANS Institute are designed to complement the Payment Card Industry (PCI) Payment Application Data Security Standard (PA-DSS). via Visa Provides [...]
Trojan blamed for Spanish air crash
A plane crash that killed 154 people in 2008 might have been partly connected to the infection of an important ground safety system by malware, a Spanish newspaper has claimed. The Spanair plane took off from Madrid to fly to the Canary Islands on 20 August 2008, but failed to clear the runway. Of the [...]
Google Apps gets FISMA-certified for government work
Google has landed an important federal certification for encryption and security. An official Google blog post said that the company has received Federal Information Security Management Act (FISMA) certification and accreditation from the U.S. government for its Google Apps office productivity suite, including Gmail. via Google Apps gets FISMA-certified for government work.
Data breach prevention top of mind for healthcare IT decision makers (WTN News)
According to the survey, 80 percent of respondents say securing patient information from unauthorized access and data breaches is a top priority, and 76 percent claim breach of confidential information or unauthorized access to clinical applications as their greatest security concerns – so much so that 97 percent say that HIPAA and HITECH Act regulations [...]
PCI Update Gets Mixed Reviews
There’s one section in the standard that is more important than any other, says Tom Wills, security and fraud senior analyst at Javelin Strategy and Research. Requirement 6.2 – “apply a risk-based approach for addressing vulnerabilities” – needs to become the over-arching requirement in the entire standard, he says. “This would mean all security controls [...]
Changes to PCI Data Security Standard leave questions unanswered
“But what is glaringly lacking is progress on the hard and most important issues, including the implications of adopting alternative technologies” on PCI compliance requirements, she said. According to Litan, many Gartner clients are trying to understand whether their adoption of new technologies such as chip cards, tokenization and end-to-end encryption will limit the scope [...]
PCI DSS and PA-DSS 2.0 Are Here – Almost
Well the long wait is beginning to end as the PCI SSC let us see some more information on the new PCI DSS and PA-DSS. On August 12, the PCI SSC drew back the curtain on PCI DSS 2.0 and PA-DSS 2.0 by issuing a Summary of Changes document. via PCI DSS and PA-DSS 2.0 [...]
PCI DSS 2.0 – Emphasis on Card Data Discovery (CDD)
“They’ll say, ‘we found data on the most obscure parts of our network, we had no idea it was there,’” Russo says. “We need some methodology to find cardholder data.” Recommendations for that will include data-loss prevention technologies or discovery tools to find cardholder data, Russo says. via Revisions to credit card security standard on [...]
Revisions to credit card security standard on the way
It’s going to be called the Payment Card Industry Data Security Standard 2.0, and the full-blown text of this upcoming standard that governs how businesses must guard sensitive cardholder information on their networks will be out at the beginning of September, according to the organization in charge of it. via Revisions to credit card security [...]
