PCI DSS, the Payment Card Industry Data Security Standard, is a set of standards that, more than many regulatory and compliance efforts, has real world relevance. PCI compliance can earn merchants tiered interchange rates and protection from fraud losses, while a lack of compliance can result in monthly fines of thousands or tens of thousands of dollars per month. Unlike some compliance efforts with relatively small penalties that are unlikely to be applied, PCI compliance has significant financial implications with a high probability of impact.
PCI DSS 2.0 is being released today. Earlier, we took a look ahead at some issues around PCI in a piece that you can read here.
So, now that we are on the cusp of a new set of standards, what’s new? Read More »
Tags: pci, pci-dss, security, standards
How does Cisco deal with cyber threats from the web? How does Cisco protect any device on a network? The following video will give you an update from Cisco CSIRT’s Gavin Reid on how Cisco is combating this increasing threat.
Tags: CSIRT, security, TRAC
In May, I talked a bit about compensating controls and their value in layered defenses. The Wall Street Journal recently detailed what appears to be another significant failure of detective controls, as Dubai police worked with national governments to apprehend suspects in the assassination of Mahmoud al-Mabhouh. Authorities in Dubai posted about 30 minutes of video footage to YouTube shortly after al-Mabhouh’s January death. The videos showed a significant amount of coordination and investigation to tie together more than two dozen suspects over several locations throughout Dubai. Now, nine months later, despite this tremendous investigative effort, the trail shows few signs of progress. But when looked at from the perspective of incident response, even a spectacular failure can be a successful lesson learned for tomorrow.
Read More »
How many times have you been approached by your employees asking for permission to work from home instead of coming into the office? Your immediate reaction probably includes head nodding, quickly followed by questions surrounding the resourcing that is required to make this desire a reality. In a recent Cisco study, “The Cisco Connected World Report,” respondents indicated companies that afford their employees the flexibility to work remotely are more attractive employers.
Should companies allow remote worker access? Read More »
Tags: remote worker, security
Over September 15-17 at the 1st Interpol Information Security Conference (iisc2010.org), more than 300 delegates from 188 countries came to Hong Kong, and under the care of Interpol and the Hong Kong Police Department, spoke candidly and collaboratively about Information Security and the common challenges we all face. In his welcoming address, Interpol’s Secretary-General Ron Noble mentioned how a Facebook page was created in his name in an attempt to confuse others and socially engineer colleagues. The Hong Kong Commissioner of Police opened his address by comparing technology to the moon: it has a bright side and a dark side. Both speeches hold in common that technology is ubiquitous, we must continue to keep criminal activity at bay, and that the Internet’s global reach means we all share in its continued success and must remain vigilant to protect it from the threats against it. Read More »
Tags: Interpol, security