Many people wonder what it takes to be PCI compliant. More importantly, people want to know the difference between PCI, FISMA, DIACAP and STIG. With so much alphabet soup, one has to wonder what it all means and how best to navigate these waters.
I’m not here to provide you with all the answers, but I can certainly help you to understand where PCI fits into the picture.
Tags: compliance, cyber crime, government, pci, privacy, security
I was reading an article recently about what auditors really think about the security and compliance requirements that they test for when doing a PCI DSS compliance audit. I was more than a little surprised to read that over 60% of the 505 auditors in the referenced study said the organizations they audit don’t believe compliance improves their data security effectiveness. I’m a bit perplexed by that. After all, there are only 12 requirements in the PCI DSS specification, and they seem pretty straightforward and simple to me.
Tags: compliance, government, merchant, military, pci, retail, security
While Cloud Computing is getting the majority of the headlines within the IT industry, it could easily be argued that no industry is going through as much change as Healthcare. Whether it’s Healthcare reform in the United States, the rollout of Telemedicine solutions (by corporations and municipalities), or online collaboration to educate and discuss outbreaks and crises, the business of keeping people well is going through radical change. Not only are the economics of Healthcare being forced to change, but so too is the technology that allows doctors to deliver care, medical records to be stored and researchers to find the next cure.
This past week I had the opportunity to present at the NCHICA “Health Information in the Cloud” conference along with experts from industry, technology, law and standards bodies. The conference focused on many aspects of Healthcare + Cloud, including HIPAA standards, Legal and Compliance considerations, Security, Deployments in Public vs. Private Clouds, offerings from Managed Service Providers and real-world case studies (presentations can be found here and here). The presentation we gave focused on the infrastructure required to build a Private Cloud.
Tags: Auditing, Cloud Computing, Cloud Security Alliance, compliance, healthcare, NCHICA, private cloud, Public Cloud, security
Will PCI 2.0 Bring Virtual Relief to Real Questions?
PCI Data Security Standard (PCI DSS) 1.2.1, a set of standards for retail and other verticals that defines the requirements for security compliance, is relatively simple and straightforward. Twelve requirements define the spirit and intent of the standard. These are good, common-sense guidelines and best practices derived from decades of experience keeping customer data secure. However, there are areas where PCI DSS could do a better job of handling what have become common, well-accepted practices; virtualization is one of those areas.
Tags: compliance, pci, pci-dss, security, virtualization