October: Swipe-and-Sign + Breach = Merchant Liable, Not Credit Card Companies

The cybersecurity field has known this has been in the works for a year now, and in 5 months it will happen: chip-enabled credit cards. The US will catch up to the rest of the world, as world travelers already know (Europe has had chip cards since 2004): http://www.creditcards.com/credit-card-news/american-travelers-guide-emv-chip-cards-1271.php In this image from the …

How much security is enough?

Tim Wilson at DarkReading discusses how to talk about security issues, goals, and concerns. His message is a basic and simple one: how much should anyone be concerned with security? A business has to have sales to operate. To have sales, there must be customer service, installation and other essential …

Where does PCI Compliance Fail?

Put another way: if everyone keeps saying that being PCI compliant does not mean being secure, where exactly does PCI compliance fail? One major gap is that PCI compliance does not cover security breaches outside of credit card number information. The law covers notifications of security breaches of Personally Identifiable Information …

Risk Management Framework

If you had to start over, how would you do it? The NIST (National Institute of Standards and Technology) document is a good place to start: http://csrc.nist.gov/publications/nistpubs/800-37-rev1/sp800-37-rev1-final.pdf Publication 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems, outlines how to set up a Risk Management Framework, including partnerships with third-party providers, …

Patching Software “Security” Dilemma

We have a dilemma when deciding how and when to patch the software we depend on. Not every vulnerability patch fixes the problem it was meant to resolve without causing some other problem. (Picture is from #TheHackerNews.) How do we resolve this while also recognizing that the window to patch our software …