PCI & Compliance — News

Security Operations the Final Frontier – Part II

I have created my own interpretation of what a good pragmatic Security Operations Model (SOM) would look like. This has been adapted from a number of security frameworks and industry good practices like ITIL, COBIT, NIST, OCTAVE, OWASP and the ever-present ISO 27001/2, all of which have an input into the structure and makeup of an effective security operations framework or security operations model.

Puneet Kukreja | 13 Sep | Read more

GlobalSign plans to reopen Tuesday despite web server hack

GlobalSign expects to bring its certificate-issuing systems back online on Monday, and resume business Tuesday, it said over the weekend. The U.S. certificate authority (CA) stopped issuing new SSL certificates last Tuesday in order to audit its security, after being named as a target by the hacker who claimed to have attacked Dutch CA DigiNotar.

John Ribeiro | 12 Sep | Read more

PCI compliance requirements for Aussie businesses

Payment Card Industry (PCI) Data Security Standards (DSS) refer to a set of standards that must be followed by big and small businesses alike when accepting, storing, processing and transmitting customers’ credit card information. To be compliant with PCI standards, all business owners, including online retailers, should adhere to 12 PCI compliance requirements for best security practices.

CIO Staff | 09 Sep | Read more

Understanding PCI compliance auditing

Businesses of all sizes must undertake PCI compliance auditing to ensure that their customers' data is protected during credit or debit card transactions and if stored within any internal business databases.

CIO Staff | 09 Sep | Read more

PCI compliance checklist

If your business is obliged to undertake a PCI audit, then following a PCI compliance checklist will ensure that your security processes and payment processing meet the compliance standards. To ensure that you are meeting PCI compliance standards, you'll need to start by looking at what exactly PCI compliance means.

CIO Staff | 09 Sep | Read more

PCI compliance services in Australia

If you operate, own or hold a management role in an Australian business that stores, transmits and processes customer payment data, you may have recently been contacted by your bank regarding your PCI compliance status.

CIO Staff | 09 Sep | Read more

What is PCI compliance?

If you're wondering exactly what PCI compliance is, the chances are you're one of the many business owners in Australia who've asked themselves this same question. Before answering this question, it's useful to begin by looking at what PCI (and its counterpart DSS) stands for.

CIO Staff | 09 Sep | Read more

Cloud computing: 4 tips for regulatory compliance

Cloud computing seems simple in concept, and indeed, simplicity of operation, deployment and licensing are its most appealing assets. But when it comes to questions of compliance, once you scratch the surface you'll find more questions than you asked in the first place, and more to think about than ever before.

Jim Buchanan | 09 Aug | Read more

Black Hat: Apple does well but Microsoft does better with enterprise security

While still not great, the operating systems behind Apple desktops, laptops and phones are getting more secure, researchers at Black Hat (http://www.networkworld.com/news/2011/080411-blackhat-overview.html?hpg1=bn) say. While not recommended for corporate use unless it's in islands within larger networks, the OSX operating system has made strides, says Alex Stamos, who led a team of researchers from iSec Partners that researched the OSX and Windows 7 operating systems.

Tim Greene | 08 Aug | Read more

They're back! Data breach notification bills resurface

After several large breaches -- including the Epsilon (http://blogs.csoonline.com/1457/epsilon_hack_notification_letters), Sony (http://www.csoonline.com/article/680689/sony-playstation-network-personal-user-data-stolen), and Citigroup (http://www.csoonline.com/article/684463/citigroup-reveals-breach-affected-over-360-000-cards) incidents that left customer financial data exposed -- federal lawmakers are dusting the covers off of an old idea: national data breach notification laws.

George V. Hulme | 27 Jun | Read more

Vulnerability analyzers offer Web scanning as an option

Web scanning is different from vulnerability scanning because it looks for bugs in the Web apps themselves, rather than in the software installed on the Web server. For example, all of the vulnerability scanners told us about an old embedded system on our network vulnerable to a cross-site scripting attack because of an old version of PHP.

Joel Snyder | 20 Jun | Read more