Cisco Blogs


Cisco Blog > Security

PCI-related Observations from RSA 2013

As a frequent attendee of the US RSA Conference in the past, this year I had the opportunity to work in the Cisco booth on the exhibition floor. This year’s RSA event was very busy, it seemed like there was a continuous flow of people and energy across the show floor. I had the pleasure of staffing Cisco’s Compliance Solution demonstration where we test people’s knowledge of PCI compliance. This is one of my favorite demos/stations to operate because it rewards people for their hard learned knowledge and skill on the topic with a prize instead of the normal random drawing (if you get the highest score in the shortest amount of time, you’re the winner!). I was surprised by the number of attendees that did not want to take our quiz. Was it a fear of being put on the spot? Or were they just not very knowledgeable about PCI? I consider the RSA conference as a security minded conference and thought a solid business driver like PCI Compliance would be front and center for many security professionals that often have to justify security purchases. Further, given the proliferation of data breaches across all industry segments, this should be a top of mind topic. Many industries outside of retail accept credit cards for payment of services and products (e.g., hospital co-pays, DMV fees, city permits, Insurance payments, hotels, transit stations) so when all three days of the quiz were won by retailers I was a bit surprised. I would have expected a few security vendors or professionals to have won at least one day! Read More »

Tags: , , , ,

Becoming PCI certified…is this within reach?

Anyone who has been involved with compliance knows that simplifying complexity is the key to maintaining a secure and compliant organization. It’s become quite apparent that sustaining compliance is a marathon, and the journey must be travelled with vigilance. This is not something that is an endpoint or a task, that once accomplished, can be shelved and forgotten; therefore, it is very helpful for merchants, who wish to become compliant or maintain compliance, to purchase solutions that are “certified.”

The fact that you are purchasing a product that’s already been validated as secure and “capable” of being compliant reduces the complexity and uncertainty associated with big-ticket items. Adding new credit card readers or a payment application in your stores is expensive, and knowing that these products are validated by the Payment Card Industry (PCI) Council gives merchants confidence that they’re making a wise and secure decision.   Read More »

Tags: , , , , , , ,

Three Transitions Driving Net-Centric Security

When I think about IT security, I don’t immediately start thinking about threats, hackers and countermeasures, but begin with what is happening to IT in general. Right now, the three big megatrends in IT can be summed up in three words: virtualization, collaboration, and mobility. Unfortunately, it’s become something of a Newtonian principle that any action driving information technology forward generates an equal or greater counteraction by hackers to corrupt and exploit the new technology. I also find it disconcerting that at any given time, the most aggressively marketed “solutions” to IT security problems represent a trailing indicator of what cyber criminals are actually doing to raise hell. Read More »

Tags: , , , , , , , ,

Securing Your Company’s Data in a Mobile World

Mobile workers accessing corporate applications and data from a range of personal and corporate devices is fast becoming the new normal. Month by month every survey confirms the inevitable—mixing personal and business data, devices, and apps. Companies are scrambling amidst a sea of new technologies to regain control of their IT infrastructure, and those thinking ahead are planning for more than just tolerance of personal data and scaling mobile access; they’re building the next evolution of application access, which is based on consistent policies for application and data across any access method or device. These architectures demand an integrated system that spans device, network, and application layers, and they demand policies for employee access based on much more than user name and password. Read More »

Tags: , , , , , ,

Why the Cisco SIO Portal Doesn’t Give Out Candy

“Change is inevitable—except from a vending machine.”

In the spirit of Robert C. Gallagher’s famous quote—and in our quest to never be a vending machine—we’ve rolled out several updates to Cisco’s Security Intelligence Operations (SIO) Portal which I trust you will find useful. Thanks to your feedback, we continue to evolve the Portal to ensure that relevant security content is where you need it, when you need it. Providing timely information to our customers requires not only a global team of Cisco security experts to pipeline the latest information, but a complementary team who ensures that the most significant issues are also the most visible. In fact, that’s the most exciting change we made: a new ‘Security Highlights’ tab which allows a cross-functional group, led by our content managers, to call out the most important issues to our customers. That way, instead of looking at IntelliShield alerts, Cisco Security Notices, or Event Responses individually when time is scarce, this new tab gives you an at-a-glance view of Cisco security content our experts feel is most pressing given all of the events into which we have a view.

Read More »

Tags: , , , , , ,