BSA targets Perth with Software Compliance Check
Small to medium businesses in Perth are being asked to check if their software is legit during a new campaign by the Business Software Alliance (BSA) Australia.
Hamish Barwick | 21 Sep
The PCI Security Standards Council today is expected to issue guidelines on use of point-to-point encryption in protecting sensitive payment card data, but the narrow approach — which is focused on hardware — is raising questions.
Ellen Messmer | 16 Sep
I have created my own interpretation of what a good pragmatic Security Operations Model (SOM) would look like. This has been adapted from a number of Security Frameworks and Industry Good Practices like ITIL, COBIT, NIST, OCTAVE, OWASP and the ever present ISO 27001/2 all of which have an input into the structure and makeup of an effective security operations framework or security operations model.
Puneet Kukreja | 13 Sep
GlobalSign expects to bring its certificate-issuing systems back online on Monday, and resume business Tuesday, it said over the weekend. The U.S. certificate authority (CA) stopped issuing new SSL certificates last Tuesday in order to audit its security, after being named as a target by the hacker who claimed to have attacked Dutch CA DigiNotar.
John Ribeiro | 12 Sep
Payment Card Industry (PCI) Data Security Standards (DSS) refer to a set of standards that must be followed by big and small businesses alike when accepting, storing, processing and transmitting customers’ credit card information. To be compliant with PCI standards, all business owners, including online retailers, should adhere to 12 PCI compliance requirements for best security practices.
Businesses of all sizes must undertake PCI compliance auditing to ensure that their customers' data is protected during credit or debit card transactions and if stored within any internal business databases.
If your business is obliged to undertake a PCI audit, then following a PCI Compliance checklist will ensure that your security processes and payment processing meet the compliance standards. To ensure that you are meeting PCI compliance standards, you'll need to start by looking at what exactly PCI compliant means.
If you operate, own or hold a management role in an Australian business that stores, transmits and processes customer payment data, you may have recently been contacted by your bank regarding your PCI compliance status.
If you're wondering exactly what is PCI compliance, the chances are you're one of the many business owners in Australia who've asked themselves this same question. Before answering this question, it's useful to begin by looking at what PCI (and its counterpart DSS) stands for.
CenITex, the Victorian Government's shared services IT agency, will adopt a new IT governance, risk and compliance (ITGRC) package to improve its information security function.
Tim Lohman | 31 Aug
The Payment Card Industry Security Standards Council today published guidelines aimed at helping merchants and others processing payment cards make effective use of what's known as "tokenization" technologies to conceal sensitive account information.
Ellen Messmer | 13 Aug
Cloud computing seems simple in concept, and indeed, simplicity of operation, deployment and licensing are its most appealing assets. But when it comes to questions of compliance, once you scratch the surface you'll find more questions than you asked in the first place, and more to think about than ever before.
Jim Buchanan | 09 Aug
Optus has been awarded PCI DSS compliance for its Business SmartPay system, making it the first telco to achieve such a status in Australia and New Zealand.
Lisa Banks | 09 Aug
While still not great, the operating systems behind Apple desktops, laptops and phones are getting more secure, researchers at Black Hat say. While not recommended for corporate use unless it’s in islands within larger networks, the OSX operating system has made strides, says Alex Stamos, who led a team of researchers from iSec Partners that researched the OSX and Windows 7 operating systems.
Tim Greene | 08 Aug
Prior to June hackers successfully breached “a series” of Australian merchants’ computers and gained customer card data, according to the Australian Federal Police.
The Queensland Police Service (QPS) is to shortly carry out a series of Payment Card Industry (PCI) compliance assessments and reviews aimed at addressing any deficiencies or gaps in current ICT systems.
Tim Lohman | 29 Jun
After several large breaches -- including the Epsilon, Sony, and Citigroup incidents that left customer financial data exposed -- federal lawmakers are dusting the covers off of an old idea: national data breach notification laws.
George V. Hulme | 27 Jun
The PCI Security Standards Council has released its long-awaited guidance on how mobile payment acceptance applications can meet PCI standards.
Jaikumar Vijayan | 25 Jun
The recession's many corporate pressures didn't have any impact on the Sarbanes-Oxley compliance work of finance and audit executives, according to research by the internal audit and consulting firm Protiviti.
Roy Harris | 22 Jun
Web scanning is different from vulnerability scanning because it looks for bugs in the Web apps themselves, rather than in the software installed on the Web server. For example, all of the vulnerability scanners told us about an old embedded system on our network vulnerable to a cross-site scripting attack because of an old version of PHP.
Joel Snyder | 20 Jun