Cisco Blogs


Cisco Blog > Security

Compliance-minded? Join the Conversation!

Share your knowledge by taking the 5-minute Cisco Regulatory and Industry Compliance Survey

Greetings from Cisco’s Compliance Solutions team!

Over the past several years, we have developed an architectural approach to achieving and maintaining regulatory and industry compliance. Our latest work provides – in great detail – both a framework for achieving PCI DSS compliance and recommendations about how to make your Cisco-based network PCI compliant.

To address the topic with authority, we integrated Cisco and technology partner products together into a comprehensive solution based on foundational Cisco architectures, had a QSA auditor – Verizon Business – assess it for PCI DSS 2.0 compliance, and documented the results in a publicly-available Design and Implementation Guide which can be found here: www.cisco.com/go/pci

Our team’s broader vision is to enable Cisco customers to manage risk by achieving and maintaining compliance with a broad range of regulatory and industry mandates. We believe that

  1. Your challenges around compliance are growing and that you are looking for sound guidance as you work to achieve and maintain compliance with multiple mandates;
  2. The value we deliver starts with a thoughtfully-developed architectural framework but also includes a broad array of Cisco and partner technology that has been tested and assessed by third party auditors;
  3. Integrated and proven compliance solutions will give you confidence in Cisco’s ability to act as the foundation for achieving and maintaining compliance.

Looking forward, we plan to engage in conversations with our readers. You will hear from the team regularly on a variety of topics and we’ll ask about your views as they relate to compliance. Your thoughtful responses will help guide our future work.

In that spirit, we are very interested in your thoughts right now! We developed the “2012 Cisco Regulatory and Industry Compliance Survey” which can be found at:
https://www.ciscofeedback.vovici.com/se.ashx?s=6A5348A773762B88

The survey is anonymous and it will take about 5 minutes to complete. In future blog posts, we will share the results with you.

Thanks in advance for your contribution.

Cisco Compliance Solutions Group
www.cisco.com/go/pci

Tags: , , , ,

Anatomy of a Data Breach: Part 1

Last weekend was a typical one, nothing out of the ordinary: errands, science fairs, softball practice with the kids.  However, I found myself hesitating a number of times, thinking twice, before I handed my credit card to the cashier at the mall for to purchase a pair of shoes and again as I typed in my credit card number and security code online to purchase some items for a school fund raiser.  In the past, I hadn’t given this much thought, but with yet another data breach in the news, it seems that the breaches are continuing to occur – and as consumers, we will continue getting those ‘Dear John’ letters informing us we were one of the unlucky ones…

With news of another data breach of up to 1.5 million credit and debit cards compromised last month as well as high-profile data attacks against the International Monetary Fund, National Public Radio, Google and Sony’s PlayStation Network, data security should be top of mind to all of us.  So, how are these breaches continuing despite all of the efforts to secure customer data?  In a series of blog entries to follow, we’ll outline the anatomy of a data breach, steps you can take to reduce your risk, and how Cisco can help keep your organization from being the topic of the next breach headline.

Anatomy of a Data Breach:

It used to be that hackers were in the business of hacking for fame or infamy… mostly individuals or groups of friends were doing small-time breaches, leaving digital graffiti on well-known websites. Although these breaches demonstrated security gaps among those affected, there was little financial impact compared to today.  It should come as no surprise in a world of big data, that it is harder than ever for organizations to protect their confidential information.  Complex, heterogeneous IT environments make data protection and threat response very difficult.

Read More »

Tags: , , , , , ,

Cisco Common Crypto Module is now FIPS certified!

December 2, 2011 at 11:40 am PST

The Global Certification Team is proud to announce the FIPS Certification of the Cisco Common Crypto Module (C3M).  The Official listing can be found on the NIST website at http://goo.gl/3vPaa.

The Cisco Common Cryptographic Module (C3M) is a software library that provides cryptographic services to a vast array of Cisco’s networking and collaboration products. The module provides FIPS validated cryptographic algorithms for services such as sRTP, SSH, TLS, 802.1x etc. The module does not implement any of the protocols directly. Instead, it provides the cryptographic primitives and functions to allow a developer to implement various protocols.

Tags: , , , , , , , , , , , ,

Thankful for…the privacy of my patient data

If you happened to have your Thanksgiving meal last week with a person of Greek heritage, you may have heard them toast “Yia mas”, that literally means “to our health”. And that is exactly what I am thankful for each day, my family’s health.

I am also thankful for the health of our wireless business, which is going great thanks to professionals such as doctors, and nurses that want to want to use their personal devices (smartphones and tablets) at work.

At Cisco we have long been talking about how we enable this proliferation of devices in the workplace and how we make it easier for IT to onboard and troubleshoot these “un-managed” devices. We also provide a robust wireless infrastructure that enables these professionals by providing the best possible mobile experience. But the trend of personal devices in the workplace does pose a valid concern: “As more and more doctors start using their personal iPads at work, will my patient data be secure?”

Curiosity got the better of me, and I decided to look at some data over the long weekend to better understand how healthcare data breaches occur. This is by no means a scientific analysis, I just crunched some data I downloaded from the U.S. Department of Health and Human Services website (hss.gov), so the findings are not conclusive, but rather indicative of what is happening. The data represents HIPAA breaches of 500 or more records per incident over the past 2-year period.

Here is what the data says: Read More »

Tags: , , , , , , , , ,

Invitation to Cisco Webcast on how to manage Mobility in the Retail Store on October 20th, 2011

Consumers today are highly attached to mobile technology and are using it as part of their daily lives and shopping experiences.  According to Nielson forty percent of mobile consumers over 18 in the U.S. now have smartphones.  As these users consume bandwidth to send and retrieve content from SMS, MMS, Email, and social media apps such as Facebook, YouTube and Twitter that supports pictures and videos, they are increasingly looking to Wi Fi to improve their experience.

Are retailers offer their shopping channels (including store, web, voice and social media) to consumers, the consumers are expecting to be able to use their mobile device across all the channels whereever they are, at home, at work, and IN YOUR STORE.

As a retailer, facilitating mobility in the retail store can differentiate you from the competition, plus help you meet the soaring expectations of your customers. On the other hand, allowing access to your wireless network poses potential risks. You’ve got to ensure the security of your data, comply with PCI mandates, prevent misuse and interference, and provide consistent bandwidth for your own operations.

For help retailers address this issue, we are hosting a webcast on October 20th 10:00am Pacific Time titled 

Mobility in the Store: Managing Your Network for Today’s Empowered Shoppers

Read More »

Tags: , , , , , , , , ,