Weak Application Security = Non-Compliance
I had to post about this one – our general counsel and compliance specialist Dave Stampley wrote an article recently at Information Week about the importance of ensuring application security as part of...
My $0.02 on PCI DSS 6.6.
The PCI Security Council, on April 15, released a clarification on DSS requirement 6.6. Requirement 6.6 states that all web-facing applications are protected against known attacks by having a code review...
Response to Visa’s Chief Enterprise Risk Officer comments on PCI DSS
Visa’s Chief Enterprise Risk Officer, Ellen Richey, recently presented at the Visa Security Summit on March 19th. One of the valuable points made in her presentation was defending the value of...
COSO II Event Identification will be a significant challenge for companies
COSO’s improvement to COSO II, sometimes referred to as COSO ERM, added requirements for objective setting, risk identification, management & reporting, as well as risk treatment and event...
Virtualization: When and where?
We often field questions from our clients regarding the risks associated with hypervisor / virtualization technology. Ultimately the technology is still software, and still faces many of the same...
Size is a Factor
How do you protect sensitive data and networks? The approach you take tends to depend a lot on “size.” For most organizations, their “size” is simply measured by sales and revenue. For organizations...
PCI Surprises
By Patrick Harbauer
Whenever we perform a PCI assessment for a new client, we invariably have the Gomer Pyle “Surprise, surprise!” conversation with IT management. And the outcome of the conversation...
Service Provider Scoping Angst
By Patrick Harbauer
Over the past several months we have had many service providers come to us wringing their hands, wondering if they should go through the ROC process. They may offer cloud services or...
Who owns and regulates MY Facebook data?
My previous post briefly described the data that makes up a user’s Facebook data and this post will try to shed light on who owns and regulates this data. I am probably not going out on a limb here to...
Set and Don’t Forget
By Patrick Harbauer, Neohapsis Senior Security Consultant and PCI Technical Lead
There are several PCI DSS requirements that are related to tasks that must be performed on a regular basis. The...
PCI DSS 3.0
The Payment Card Industry Security Standards Council (PCI SSC) has released a draft version of the Payment Card Industry Data Security Standard (PCI DSS) Version 3.0 to Qualified Security Assessor...