Channel: Neohapsis Labs » Compliance
Browsing all 11 articles
Weak Application Security = Non-Compliance

I had to post about this one – our general counsel and compliance specialist Dave Stampley wrote an article recently at Information Week about the importance of ensuring application security as part of...


My $0.02 on PCI DSS 6.6.

On April 15, the PCI Security Standards Council released a clarification of DSS requirement 6.6. Requirement 6.6 states that all web-facing applications are protected against known attacks by having a code review...


Response to Visa’s Chief Enterprise Risk Officer comments on PCI DSS

Visa’s Chief Enterprise Risk Officer, Ellen Richey, recently presented at the Visa Security Summit on March 19th. One of the valuable points made in her presentation was defending the value of...


COSO II Event Identification will be a significant challenge for companies

COSO’s improvement to COSO II, sometimes referred to as COSO ERM, added requirements for objective setting, risk identification, management & reporting, as well as risk treatment and event...


Virtualization: When and where?

We often field questions from our clients regarding the risks associated with hypervisor / virtualization technology.  Ultimately the technology is still software, and still faces many of the same...


Size is a Factor

How do you protect sensitive data and networks?  The approach you take tends to depend a lot on “size.”  For most organizations, their “size” is simply measured by sales and revenue.  For organizations...


PCI Surprises

By Patrick Harbauer

Whenever we perform a PCI assessment for a new client, we invariably have the Gomer Pyle “Surprise!, surprise!” conversation with IT management. And the outcome of the conversation...


Service Provider Scoping Angst

By Patrick Harbauer

Over the past several months we have had many service providers come to us wringing their hands wondering if they should go through the ROC process. They may offer cloud services or...


Who owns and regulates MY Facebook data?

My previous post briefly described the data that makes up a user’s Facebook data and this post will try to shed light on who owns and regulates this data. I am probably not going out on a limb here to...


Set and Don’t Forget

By Patrick Harbauer, Neohapsis Senior Security Consultant and PCI Technical Lead

There are several PCI DSS requirements that are related to tasks that must be performed on a regular basis. The...


PCI DSS 3.0

The Payment Card Industry Security Standards Council (PCI SSC) has released a draft version of the Payment Card Industry Data Security Standard (PCI DSS) Version 3.0 to Qualified Security Assessor...
