OWASP Top10 2010 Released
Today, OWASP has released an updated report capturing the top ten risks associated with the use of web applications in an enterprise. This colorful 22-page report is packed with examples and details that explain these risks to software developers, managers, and anyone interested in the future of web security. Everything at OWASP is free [...]
PCI Council readying end-to-end encryption guidance
The PCI Security Standards Council is studying a number of emerging technologies and plans to issue a guidance document on end-to-end encryption when it releases the next version of the PCI Data Security Standards (PCI DSS), due out in October. Bob Russo, general manager of the PCI Council, said researchers are preparing documentation on what [...]
PCI Security Standards Council readying new payment-card security standard
The Payment Card Industry data security standards, which influence design of networks where sensitive payment-card account data is stored, are expected to be further revised by the PCI Security Standards Council over the next few months. Bob Russo, general manager of the PCI Security Standards Council, says that by early summer the organization expects to [...]
No major #PCI DSS revision expected in 2010
PCI Security Standards Council general manager Bob Russo said the next revision of the Payment Card Industry Data Security Standard (PCI DSS), due in October, will contain clarifications but no major changes to the standard.
MasterCard: December PCI Deadline Change Not For Holiday Conflict
MasterCard’s decision to reverse itself on its end of year 2010 deadline for new Level 2 PCI requirements was not based on retail complaints or on avoiding the hectic holiday period for merchants, according to a key MasterCard manager heading up the effort. Instead, the change was based on giving retailers more time to work [...]
Pharmacists and Consumer, Privacy Advocates Urge Feds to Investigate CVS Caremark for Alleged HIPAA Violations
The Health Insurance Portability and Accountability Act (HIPAA) allows CVS Caremark access to information on patients covered by its pharmacy benefit manager for administering claims and other limited purposes. Company letters collected by NCPA document CVS Caremark tapping into personal medical histories for marketing purposes, such as to urge patients to switch an existing prescription [...]
Call centre data standards ‘routinely ignored’ #PCI
More than 95% of call centres were found to store customers’ credit card details in recordings of phone conversations in breach of industry rules, according to a survey conducted by a call recording technology company. Veritape said that when it talked to 133 call centre managers, only 39% of them knew about industry rules against [...]
Lawsuit: A Heartland Manager Resigned Because Of PCI Compliance Issues
Heartland relationship managers were told that PCI compliance was not a big deal. One of Heartland’s relationship managers resigned on or around April 23, 2009, in part because of Heartland’s statements regarding its PCI compliance. Via StorefrontBacktalk.
IT managers under-estimate the impact of data loss: survey
A mere seven per cent of respondents to a survey on data management believed data loss has a “high” impact on a business. Via Network World.
PCI Security Standards Council Invites Industry Feedback
In response to a letter from several retail trade associations suggesting changes in PCI (Payment Card Industry) data security standards, the PCI Security Standards Council here invited the trade groups to participate in the feedback process beginning on July 1 to shape the next version of the standard. “We encourage all Participating Organization stakeholders, including [...]




