The Payment Card Industry Security Council recently released the PCI DSS tokenization guidelines clarifying how tokenization affects PCI compliance and securing cardholder data. I sat down with Christian Janoff, Cisco retail industry architect, whose team has just finished work on the Cisco Design Guide for PCI DSS 2.0, to talk about his views on this guideline.
Christian’s views on the new tokenization guideline supplement are:
Tags: christian janoff, payment card industry, PCI Compliance, retail, retailing, security, tokenization
Recently sample code was posted publicly that exploits a denial of service vulnerability in the Apache HTTP Server. This particular vulnerability is receiving considerable industry attention given the popularity of Apache httpd and amid reports that exploitation has been seen in the wild. This vulnerability has been assigned CVE ID CVE-2011-3192 and currently scores a 7.8/6.3 using CVSS.
By combining inefficiencies inside the web server software with a protocol design peculiarity, an attacker could consume substantial server CPU and memory by issuing requests that contain many overlapping Range or Request-Range values. Successful exploitation would consume server resources to the point of starving those needed to field legitimate requests from other users.
Business-critical data should be secured at each point along its path—from remote devices to its destination
Although some security incidents are caused by malicious individuals, many data breaches are actually the result of a careless mistake or simple forgetfulness on the part of an employee that is then exploited by a hacker. An unsecured smartphone lost in the airport can allow anyone access to email accounts, for instance. Or a laptop with outdated antivirus software can easily be compromised by new attacks.
Regardless of how it happens, a data breach can suddenly put your company’s business-critical information at risk. With more information now in the cloud and places other than your own network, to fully protect your data, you need to make sure it’s secured in three places: on your employees’ devices, while in transit between those devices and the Internet, and at its destination, including possibly a service provider’s environment.
Tags: remote, security, vpn
Once again, it’s the perfect storm of IT pros, all-you-can-eat buffets, and outstanding content on end-user computing, and it all starts next week!
But before I get to the part where I try to hijack your calendar with all the great Cisco VXI content available to you at VMworld 2011, I want to share some perspective from my visit to Metro Health in Grand Rapids, Michigan, last week.
Tags: atlantis, collaboration, EMC, netapp, security, teradici, UCS, VCE, vdi, VMware, vmworld, vxi
This blog was originally published here.
I recently had the good fortune of having dinner with the chief security officers (CSOs) from five major healthcare providers. The CSOs weren’t shy about what was plaguing them.
The biggest headache? Managing consumer devices. Doctors love their iPads and want to use them for work. (It must be the form factor, a next-gen version of the metal-covered chart ubiquitous on medical drama TV shows.) The real-life numbers tell the same story. According to Manhattan Research, a healthcare market research firm, just one year after the iPad hit the market, 30 percent of U.S. physicians had adopted the device and an additional 28 percent plan to purchase an iPad within the next six months.
Tags: mobile security, security