For retailers and merchants, January 1st, 2012 is the deadline after which all audits for PCI compliance need to be at the Data Security Standards 2.0.  At Cisco we have invested  in education content as well as architecture designs for PCI 2.0  to help retailers address compliance and secure credit card data.

Need to learn about the basics of PCI 2.0?  Check out the following Fundamentals of PCI  YouTube Video

For a little more deeper education about PCI including navigating the ins and outs of compliance, dig into design and implementation, and tips for a successful audit, check out the following Cisco Techwise TV episode titled “Everything You Wanted to Know About PCI But Were Afraid to Ask”

Read More »

Tags: Cisco, credit card, DSS, HyTrust, Payment card, pci, retail, retailing, RSA, security, Techwise, VCE, Verizon Business

As our customers and partners well know, security has been front-of-mind for Cisco this year. As far back as February, our CEO John Chambers announced that security was to become a top engineering priority for the company. The pace of innovation and development has been rapid ever since.

During the year, we unveiled our context-aware distributed security solution, Secure X, introduced the Cisco Identity Services Engine to simplify management of organization-wide security policies, and we brought new security to branch offices by adding Cisco ISR Cloud Web Security to the Cisco ISR G2 branch router.

We also elevated the role of our amazing Cisco Threat Operations Centers in helping customers chart the escalation and sophistication of security threats designed to exploit new business models that emphasize mobility, social collaboration and cloud computing.

Even with all of this momentum in security, we still saw opportunities to do more; to move faster; and to address our customers’ security challenges more completely.

It’s with those goals in mind, that I am delighted to announce today a senior executive appointment to further strengthen Cisco’s security business. For the first time, the security engineering team will be led by an SVP, reporting directly to me. We are pleased to share that Chris Young will be joining Cisco in on November 14^th to fill this new leadership role.

Chris is an outstanding technology, business and security industry leader. He joins us from VMware, where he was Senior Vice President and General Manager, responsible for strategy, products, engineering and delivery across all of VMware’s end user computing solutions.

Prior to joining VMware, Chris served as Senior Vice President, products at RSA, the Security Division of EMC, where he was responsible for strategy, product management, product marketing, engineering and delivery of products across all of RSA’s Identity and Access Assurance, Security Information and Event Management, Governance Risk and Compliance (GRC), and Data Security solutions.

While at RSA, he built the company’s highly successful Identity Protection and Verification business, which includes products such as RSA Adaptive Authentication that today protects more than 200 million online bank accounts globally. Chris’ role grew to include responsibility for all products in the RSA portfolio and during his tenure he led several successful acquisitions, including Cyota Inc., Passmark and Archer Technologies among others.

Chris will assume responsibility for a new integrated security engineering team and for Cisco’s overall security vision. His new team combines our security technologies group and our global government security solutions into a single entity.

As we welcome Chris, we say goodbye to Tom Gillis, VP of our security technologies business unit. Tom joined Cisco through our acquisition of Ironport and has been instrumental in driving our overall security business thus far. Tom is keen to pursue his entrepreneurial passion outside Cisco. We thank Tom for his leadership and wish him well in his future endeavors.

We said during our Q2 earnings call that we would continue to take further actions that allow us to address market transitions with greater speed, agility and consistency. Today’s news is a good example of that commitment: we are evolving our operating model and investing in and strengthening our team with new talent in the process. We look forward to welcoming you to Cisco, Chris!

Tags: Chris Young, Cisco, RSA, security, VMware

Recently there has been a series of news items as enterprises announce they have been breached and their sensitive customer and financial records compromised.  According to Verizon 2011 Breach report 92% of the attacks were external and 76% of all data breached came from servers.  The PCI Security Standards Council is an open global forum formed in 2006 that is responsible for the PCI Data Security Standard (PCI DSS), a standard that is designed to protect cardholder data.

I sat down with Lindsay Parker, Cisco global retail industry director about Cisco’s current investments and efforts to help retailers and merchants secure customer credit card data and maintain compliance with PCI DSS.

Here are some key points from our conversation:

Read More »

Tags: Cisco, credit card, design guide, EMC, HyTrust, merchant, payment card industry, PCI Compliance, retail, retailing, RSA, security, VCE, Verizon Business

Yes, the question is “Are you really secure?” Now that I’ve asked a loaded question, let me get to the point.

The term “secure” sure has a lot of different meanings depending on the context in which it is used. If we take it from a corporate security perspective, your options are somewhat limited to physical security, as in video surveillance or physical access, or logical security, as in your laptop or data access. But, when you ask a security professional if they are secure, they will most certainly take that in the context of what they can control, and will most likely answer “yes”.

Well, what about the things you cannot control? You can control which products you buy to provide security, you control how they are installed and configured, and you control the processes and procedures that identify how they are managed and updated. But, can you control how they are manufactured?

Read More »

Tags: cloud security, cyber security, cybercrime, data center, information security, network security, privacy, RSA, secure information, secure-id, security, virtualization

Annalisa Giardina of the Cisco Marketing Team working the booth at RSA 2011

RSA 2011 was a big show for Cisco. We had a 30x30 booth with an in-booth theater, eight demo pods, speakers on several panels, and a keynote. Including speakers, the install and dismantle crew, and all of the booth staffers, we had a crew of around 100 people at the show. Demos included firewalls, virtualization, mobility, web, and security services. With the passing of Cisco Security Monitoring, Analysis, and Response System (MARS), a partner’s SIEM ecosystem display was of note, as were demonstrations of Cisco TrustSec, intrusion prevention, and Cisco Virtualization Experience Infrastructure (VXI). We also demonstrated Cisco AnyConnect running on an iPad, illustrating how Cisco can meet the needs of organizations grappling with the demands of the consumerization of IT and the security concerns that employee liable devices bring.

Read More »

Tags: architecture, Borderless Networks, Cisco, RSA, SecureX, security, Security Intelligence Operations (SIO), TrustSec