Cisco Blogs



Simplifying PCI Compliance for SMBs

Payment Card Industry (PCI) compliance can often be overwhelming for all enterprises, let alone small and medium businesses (SMBs).  Given limited budgets and IT resources, SMBs face an even greater challenge than large enterprises.

The PCI Data Security Standard (DSS) 2.0 is complex on several levels:

  • It requires expertise on a range of network systems and security technologies.
  • It requires continual monitoring and management of access to cardholder data.
  • There is no “silver bullet” technology that can address a growing list of detailed standards and requirements. Technologies such as encryption, tokenization, as well as Europay, MasterCard, and Visa (EMV) smartcards address portions of your infrastructure, but none provide a single compliance solution.
  • It’s dynamic and requires ongoing diligence.  Being compliant at the time of your audit is a snapshot in time that requires simplified maintenance.

These requirements take time, effort and funding, which are all in short supply in SMBs.

Help is at hand. Cisco and many of its partners offer cost-effective PCI compliance services, including assistance for SMBs as they complete their self-assessment questionnaire or assess PCI readiness. In a recent article authored by Cisco and partners Verizon Business and Presidio, we examine ways to simplify compliance for small and medium businesses. Learn the 5 key strategies for securing your customer information while incorporating security best practices from Aaron Renolds, QSA and Principal Consultant at Verizon Enterprise Solutions, and Sean Wallis, Senior Security Consultant at Presidio Networked Solutions.

Advice to Managers: Five Ways to Simplify Your PCI 2.0 Compliance:

http://www.cisco.com/cisco/web/solutions/small_business/resource_center/articles/do_business_better/advice_to_managers/index.html


“War, what is it good for” as a security metaphor?

I have a thing for metaphors. I wrote my dissertation on them. And they have helped me enormously as a non-engineer working in IT security.

Metaphors are powerful tools (that’s a metaphor, by the way). Literally referring to something as something else enables us to make mental connections between concepts that are not really the same. War and weapons have proven historically useful metaphors. In wartime, everything changes. We look at the situation, our opponents, and even ourselves very differently (I like the image of a noble warrior on the battlefield more than that of a guy who spends most of his day sitting and typing…)

But metaphors also cause trouble, especially when we use them to over-simplify. I am skeptical of “security as war” metaphors, including that of the arms race. The metaphor detracts from the very real threats of cyber- and information warfare. War doesn’t define security any more than war defines firearms. Unless we are specifically talking about threats from nation states (and a few other actors) using information technology as part of armed conflict, we are not talking about war. And this is not what we are usually talking about in information security.


Network Defense at Blackhat 2012

Just back from presenting the lab-based training session “Detecting & Mitigating Attacks Using Your Network Infrastructure” with Joe Karpenko at Blackhat USA 2012. Great to see a Defense track of Briefings which included “Intrusion Detection Along The Kill Chain: Why Your Detection System Sucks And What To Do About It” and more of an emphasis on protecting or remediating network infrastructures in topics like “Targeted Intrusion Remediation: Lessons From The Front Lines”. I attended several of these briefings and was impressed with the breadth of information provided for network operators. The Defense briefings align well with the network security best practices advocated by Cisco and presented in our training. These best practices include:

Work Your Way, Securely

August 2, 2012 at 11:17 am PST

Hear how financial innovator Diebold gains visibility and control of the 87,000 devices on their network. David Kennedy, former Chief Security Officer at Diebold, recognizes there is no stopping new mobile devices and sets course to secure the organization while ensuring the business may continue to generate revenue. Workers want to work their way securely and prefer that the security is transparent so that they have the optimal experience. He speaks to the unique granularity that the Cisco Identity Services Engine (ISE) offers to segment access by user, device, access method, posture, and time, so that engineers may have access to their codebase while marketing professionals like me have no access from my new iPad:

BYOD on a University Campus: A Student’s Perspective

There is a new generation of college students out there; I would know, as I was recently one of them. Information being at your fingertips is no longer a luxury, it is a necessity. Professors’ expectations of their students have increased dramatically due to the wealth of information on mobile devices. Every class I attended leveraged some form of wireless access to the web. Instant messages in response to real-time questions and online submissions are just two of many examples of how network access has been integrated into the education system. Professors would consistently use online tools such as online drop boxes for projects and web conferencing tools. According to MarketWire, 92% of college students feel a laptop is a necessity; this indicates that the requirement of mobile access at a university is a given and the college experience is defined by the ease of that access.

Professors are on tight schedules and are generally available only at certain times of the day. Imagine wanting to contact a professor during open hours only to fall short because your laptop had difficulty getting any kind of connection. I remember the frustrations of wanting to revisit PowerPoint presentations on a class website in the library, only to realize that I was sitting by the one window notorious for being a wireless dead zone. Dorms were infamous for spotty coverage. Having the dorm room located closest to the access point for best access was purely by luck of the draw. I was not so lucky. In my dorm, you would not get any wireless access unless you were sitting right next to the hallway. That’s why I am especially envious of the students of Colorado University, whose alma mater upgraded to enterprise-class coverage.
