Agency Infosec Spend a Mystery to OMB

The White House Office of Management and Budget does not know how much its departments and agencies specifically spend on IT security, Federal CIO Vivek Kundra told a Senate panel Thursday.
Kundra said he was shocked to learn that the OMB never collected from agencies specific IT security expenditures, just aggregate data, when he took over [...]

Tokenization Vs. End to End Encryption #PCI

A recent study conducted by PriceWaterhouseCoopers on behalf of the Payment Card Industry Security Standards Council shows that end to end encryption and tokenization are the top choices for companies seeking to employ new emerging technologies to protect payment card and other critical data. And both approaches have their public proponents, including Heartland Payment Systems [...]

Call centre data standards ‘routinely ignored’ #PCI

More than 95% of call centres were found to store customers’ credit card details in recordings of phone conversations in breach of industry rules, according to a survey conducted by a call recording technology company.
Veritape said that when it talked to 133 call centre managers, only 39% of them knew about industry rules against the [...]

HEARTLAND Lawsuit filed #PCI

Months before announcing the Heartland Payment Systems (HPY) data breach, company CEO Robert Carr told industry analysts that the Payment Card Industry Data Security Standard (PCI DSS) was an insufficient protective measure.
This is a class action lawsuit brought by the FI Plaintiffs, individually, and on behalf of similarly situated banks, credit unions and other financial institutions that [...]

Express Scripts: 700,000 notified after extortion – Network World

Nearly one year after being hacked by computer extortionists, pharmacy benefits management company Express Scripts now says hundreds of thousands of members may have had their information breached because of the incident.
Last November, the company reported that someone had threatened to expose millions of customer prescription records, but it has come under criticism for being [...]

The Two Scenarios Coming From The PWC PCI Report

The consultants at PWC began with an analysis of 12 security technologies that emerged from 160 interviews with industry players, and then narrowed the list for their “deep dive” investigation to several that they concluded had the best potential to be automated, could be integrated with existing infrastructures and could have a meaningful potential impact [...]

Mixed PCI DSS compliance puts consumers at risk | 23 Sep 2009 | ComputerWeekly.com

Some 79% of US and multinational companies surveyed said they had lost credit card information, yet only 29% use PCI DSS as part of their security strategy.
Over half (55%) said they focus on protecting only credit card data and do not attempt to secure other sensitive customer information, the survey showed.
via Mixed PCI DSS compliance [...]

HHS guts health-care breach notification law, groups warn

However, in an interim final rule published late last month, the HHS introduced a new “harm threshold” for breach notification which critics say completely guts the original intent of the bill. Under the change, health-care entities will be required to publicly disclose breaches involving health-care data only if they think the breach will cause financial [...]

4 Ways to Get the Most from Your PCI QSAs – CSO Online – Security and Risk

In response to Heartland CEO Robert Carr’s claim that his qualified security assessors (QSAs) missed key weaknesses during a PCI security audit of his company, security experts offer tips to get the most from an assessment.
via 4 Ways to Get the Most from Your PCI [...]

Solution Providers’ Input Sought for #PCI Security Standard Update – Security

Solution providers who have been frustrated by the PCI DSS now have the chance to voice their positions and request changes. The PCI Security Standards Council is currently soliciting feedback as it prepares to update the standard.
Stakeholders in the compliance process have through the end of October to offer feedback and critiques, with some of [...]