PCI Compliance Also on Cloud?

What about “PCI Compliance on Cloud?”   There _is_ a document by the Payment Card Industry (PCI) SSC(Security Standards Council) website https://www.pcisecuritystandards.org/pdfs/PCI_DSS_v2_Cloud_Guidelines.pdf Notice this is a v2(Feb 2013) document of the DSS (Data Security Standard), and we know that the latest DSS document is v3 (Nov 2013), but we can figure out a few things … Read more

2 Steps Stop All Cyberattacks

1. Obtain a technology that will be able to see the attacker trying to communicate with the attack software(malware etc) in your network. This system should have the capability to remove network traffic if it does not pass your rules. The NGFW Next Generation FireWall with an included Intrusion Prevention System(IPS) can get this job … Read more

Why is Pentesting Needed?

Why can’t I just use an automated service like http://www.trust-guard.com ? One reason to reconsider only using Trust-guard is that it is not QSA certified from the PCI Security Standards council: https://www.pcisecuritystandards.org/approved_companies_providers/qsa_companies.php As a pentester (penetration tester) we use a QSA certified tool to verify vulnerability assessments on your resources. (such as Nessus) we have also used … Read more

SSL security is no longer PCI compliant

As you may know SSL is the security standard upon the encrypted Internet was first built. the Secure Socket layer is no longer secure though. If you read our POODLE (Padding Oracle On Downgraded Legacy Encryption)post: http://oversitesentry.com/the-sslv3-vulnerability-fix-and-explanation/ It showed the current reality of SSLv3 (the latest version) is no longer secure. And thus it is … Read more

Is Cloud Computing Secure?

Moving to the Cloud is important for the “next” level of IT in the board room(the Chief xO’s and directors…)   all you need is a browser in “the cloud”   Why? Now we can have  computing at our desktops and mobile devices without the local infrastructure. We don’t need those specialist IT people (I … Read more