Join Forrester’s New Online Community For Security & Risk Professionals! | Forrester Blogs

Forrester has launched an online community for security and risk professionals. The community is a place for security and risk professionals to exchange ideas, opinions, and real-world solutions with each other. Forrester analysts will also be part of the community, helping facilitate the discussions and sharing their views.

via Join Forrester’s New Online Community For Security & Risk Professionals! | Forrester Blogs.

NIST reduces and consolidates its labs in reorganization — Government Computer News

The National Institute of Standards and Technology has completed its first major reorganization in 20 years. It has reduced the number of laboratories, realigned the remaining ones along mission-based lines and created a more hierarchical leadership structure.

The reorganization, which became effective Oct. 1, replaces the single deputy director under NIST Director Patrick Gallagher with three career associate directors and reduces the number of laboratories from 10 to six. The Information Technology Lab, which includes the Computer Security Division, is one of the six. The realignment does not change the focus of NIST programs or the underlying missions, said IT Lab Director Cita Furlani.

via NIST reduces and consolidates its labs in reorganization — Government Computer News.

Fed Study: 85 Percent Of Agencies Still Not Using CyberScope – compliance/Security – DarkReading

CyberScope is supposed to be the federal government’s new standard tool for continuous security monitoring. So far, however, the vast majority of federal CIOs say they don’t understand the technology’s mission and goals, and only 15 percent have used it at all.

The deadline for filing FISMA security compliance reports using the new CyberScope tool is Nov. 15.

via Fed Study: 85 Percent Of Agencies Still Not Using CyberScope – compliance/Security – DarkReading.

PCI Compliance Should Be a ‘LifeStyle’

Merchants are most likely to remain compliant with the Payment Card Industry Data Security Standards and avoid data breaches if they adopt security as a “lifestyle,” according to a study released earlier this week by Verizon Business. Verizon Business provides audits and other PCI-related services.

via News.

PCI Council Offers Guidance On Point-To-Point Encryption – compliance/Security – DarkReading

In a new document, “Initial Roadmap: Point-to-Point Encryption Technology and PCI DSS Compliance” (PDF), the standards group offers guidance on what organizations should look for when acquiring and purchasing encryption technology to protect credit cardholder data as it is authorized and transported into a database.

via PCI Council Offers Guidance On Point-To-Point Encryption – compliance/Security – DarkReading.

Will #PCI Outsourcing Kill Conversion Rates?

Small business ecommerce site owners cannot afford to slack off when it comes to the Payment Card Industry Data Security Standard (PCI DSS). Its strict security requirements make being PCI compliant challenging for small retailers, but PCI DSS is a standard that all organizations must follow when storing, processing and transmitting their customers’ credit card data.

One of the easiest ways to be PCI-compliant is to outsource payment processing and work with a payment provider who has the experience, systems and security in place that meet the PCI DSS standard. By outsourcing PCI compliance you basically shift the PCI burden from your small business to a trusted provider.

via Will PCI Outsourcing Kill Conversion Rates? — eCommerce-Guide.com.

Secure Coding And Application Vulnerability Scanning

The overall intent of both of these standards is to stop insecure applications from being placed in production. The intent of requirement 6.5 is to ensure that secure coding techniques are part of the system development lifecycle (SDLC) and that the most obvious errors, at the moment those are the OWASP Top 10, have been addressed during development. The intent of requirement 6.6 is to ensure that either code reviews are conducted or an application firewall is used to protect applications.

via Secure Coding And Application Vulnerability Scanning « PCI Guru.

Meeting the new #PCI wireless requirements

Beginning Sept. 30, Visa will require merchants and related businesses to conduct wireless security scans to prove compliance with version 1.2 of the PCI Data Security Standard (PCI DSS) which is designed to safeguard cardholder data from wireless threats.

via Meeting the new PCI wireless requirements.

NIST blesses network access, desktop security

The Trusted Computing Group and the National Institute of Standards and Technology Tuesday joined to give their blessing to the union of two technologies that each have championed: TCG with its network-access control standard called Trusted Network Connect, and NIST with its desktop-security configuration standard called the Security Control Automation Protocol.

via NIST blesses network access, desktop security.

HIPAA Violations: UPMC Employee Criminally Indicted

A federal grand jury in Pittsburgh has indicted a former employee at the University of Pittsburgh Medical Center for allegedly stealing patient data in the first HIPAA-related prosecution in the Western District of Pennsylvania, federal prosecutors say.

Paul C. Pepala, 34, of Monroeville, PA, faces 14 counts related to the alleged disclosure of patients’ data for personal gain in February 2008, when he was an employee at UPMC Shadyside Hospital. The indictment lists Pepala as the sole defendant.

via HIPAA Violations: UPMC Employee Criminally Indicted.