PCI & Compliance — News

Nearly half of employees inadequately trained on Privacy Act compliance

Only 54 percent of workers believe their employers have given them adequate training about how to preserve the privacy of customers' personally identifiable information (PII), a new survey has found. The finding comes as privacy authorities spruik a new privacy management framework designed to help Australian organisations improve privacy compliance efforts that consumers have slammed as inconsistent and unbelievable.

David Braue | 08 May

The human firewall has a soft spot: you

For all the talk about the importance of new security technologies, the importance of staff buying into corporate security strategies is often underestimated. In every case, the predictable result is the same: a strong technological barrier whose effectiveness is immediately compromised once a legitimate user, with legitimate access to internal resources, clicks on a phishing email designed to load malware onto their computer.

David Braue | 12 Mar

The 2015 Social Engineering Survival Guide

Despite being an integral aspect of many, if not most, major attacks, social engineering tactics always seem to go underappreciated by enterprise security teams. However, it's often easier to trick someone into opening an email and exploit a vulnerability that way, or to convince an unsuspecting assistant to provide a few useful bits of information, than it is to directly attack a web application or network connection.

George V. Hulme | 23 Jan

Five Key Challenges Facing CSOs Today

2012 has been a tough year for IT security and the trend seems to be continuing into 2013. We have now become accustomed to groups such as Anonymous that have wreaked havoc on a number of large government and corporate organisations. A new frontier in cyber threats has opened. The driver for cyber intrusion is no longer fame, but theft of intellectual property, financial information, blueprints and other classified information for financial gain.

Ashwin Pal | 10 Jul

How to protect online transactions

The trusty telephone is emerging as one of the key elements in new multifactor authentication schemes designed to protect online banking and other web-based financial transactions from rapidly evolving security threats.

Julie Sartain | 07 Feb

SaaS, APTs and asymmetric risk take spotlight at Security Threats 2012

I had the opportunity to speak at a new security conference last week, Security Threats 2012. I presented on the topic of balancing business benefits with risks in the cloud (more on that later), but the event touched on a wide range of pertinent IT topics, provoking stimulating discussions of some of the most pressing challenges business leaders are facing.

Bernard Golden | 03 Feb

End-to-End Encryption: The PCI Security Holy Grail

With groups like Anonymous actively looking to embarrass your company, laptop thefts occurring every second, and the recent poor US District Court ruling (http://www.cbsnews.com/8301-501465_162-57365004-501465/judge-americans-can-be-forced-to-decrypt-their-laptops/) on Fifth Amendment password protection rights, it is time you actually encrypt your data properly.

Ben Rothke and David Mundhenk | 02 Feb