Tag Archives: iso

Nominations Open for PCI Board

The PCI Security Standards Council (PCI SSC), which oversees the PCI (Payment Card Industry) Data Security Standard that card-accepting retailers must follow, today announced that nominations for election to the 2011-2013 PCI SSC board of advisors are now being accepted.

via Nominations Open for PCI Board.

Compliance violations on TV

“Grey’s Anatomy” placed second, with 7 violations per episode, including an incident in which Meredith (Ellen Pompeo) shares patient info with someone not authorized to receive it. That is a HIPAA violation.

via 30 Rock is Biggest Ethics Violator on TV | WorstPreviews.com.

PCI for Corporate Franchise Servicer

Last week, Visa officially brought corporate franchisors into the world of Level 1 merchant service providers by requiring them to register as Third-Party Agents, with all that that implies. At one level, the increased visibility, attention to PCI compliance and stricter validation regime should reduce data breaches at insecure franchise locations.

via StorefrontBacktalk » Search Results » corporate franchise servicer.

Nigerian advance-fee scammer gets 12 years

A Nigerian man has been sentenced to 12 years in prison for sending out fraudulent e-mails offering victims big bucks in exchange for moving cash to the United States.

Okpako Mike Diamreyan, 31, was sentenced to 151 months of prison Wednesday by United States District Judge Janet Hall in Bridgeport, Connecticut.

via Nigerian advance-fee scammer gets 12 years.

Computer contractor gets five years for $2M credit union theft

Zeldon Morris, a Provo, Utah computer contractor, was sentenced on Wednesday to more than five years in prison after pleading guilty to stealing close to $2 million from four credit unions that he performed IT services for.

via Computer contractor gets five years for $2M credit union theft.

Health worker is first HIPAA privacy violator to get jail time

A former UCLA Health System employee, apparently disgruntled over an impending firing, has been sentenced to four months in federal prison after pleading guilty in January to illegally snooping into patient records, mainly those belonging to celebrities.

via Health worker is first HIPAA privacy violator to get jail time – SC Magazine US.

Gonzalez Gets 20 Years in Hacker Case

Hacker Albert Gonzalez is sentenced to 20 years in prison for his role in hacking TJX, Barnes & Noble, OfficeMax and other retailers. He faces the possibility of more time behind bars when he is sentenced for his role in hacking a slew of other companies, including Heartland Payment Systems.

via Gonzalez Gets 20 Years in Hacker Case – Security from eWeek.

CXOtoday.com > IT-GRC Solution on Cloud

There is built-in framework support for RBI Compliance, NSE, BSE, MCDEX, PCI, ISO, COBIT, SOX, Basel II, HIPAA, FISMA, and other country-specific frameworks which are ready to use. SecureGRC has a not-so-far-seen value-add in terms of integrating, synergizing and transforming information from various sources into alert-raising actionable solutions, helping in identifying the source of the attempted attack through pattern and correlation analysis, and plugging the loophole before it takes major dimensions.

via CXOtoday.com > News > Web Technologies > Government > eGestalt’s Security and IT-GRC Solution on Cloud.

When It Comes To #PCI Compliance, Franchisors Are Screwed

When it comes to franchise-based retailers, PCI Compliance is broken, plain and simple. It simply does not address the complexities of the franchisee/franchisor business model and, in the end, leaves the franchisor holding the bag. Because each franchisee is a separate merchant, most large franchise organizations are only required to meet PCI Level 4 requirements. Chains are forced to make tough decisions about how much risk they are willing to accept and what they are willing (or not willing) to do to protect their brand integrity.

via StorefrontBacktalk » Blog Archive » When It Comes To PCI Compliance, Franchisors Are Screwed.

ISO 31000 Risk management

By now, many of you have read the newly released ISO 31000 Risk management — Principles and guidelines standard. (Others may have seen its release draft or be familiar with its predecessor the AS/NZS 4360 standard.)

It provides a well-written, step-by-step guide to risk management processes that can be applied to whole organizations, or any part thereof. So far, it has received well-deserved praise for its surprising brevity and consolidated value. These are especially important characteristics for a document with as lofty a goal as standardizing what it calls “an integral part of all organizational processes.”

via The Forrester Blog For Security & Risk Professionals.