securitycompliance

Federal Laws May Affect Cybersecurity Legal

by

Security Magazine has the story: http://www.securitymagazine.com/articles/86057-understanding-the-new-federal-cyber-laws The CEA(Cybersecurity Enhancement Act 2014) is the most significant of the December bills both in breadth and likely in significance. Where NIST(National Institute of Standards and Technology) has setup a Cybersecurity framework which is very flexible for companies to follow.  NIST Feb 12,2014 Cybersecurity Framework document. The interesting paragraph … Read more

How do we improve Security?

by

We need a Renaissance of focus on Security. I’m a Systems Engineer (http://www.fixvirus.com/about-us-full-story/) and teacher of Security Architecture (SEC020 at Professional Education Technology & Leadership Center at Washington university in Saint Louis) So of course like a dentist looking at teeth (they can’t help it) I look at computers from a systems point of view. Which … Read more

PCI Compliance Also on Cloud?

by

What about “PCI Compliance on Cloud?”   There _is_ a document by the Payment Card Industry (PCI) SSC(Security Standards Council) website https://www.pcisecuritystandards.org/pdfs/PCI_DSS_v2_Cloud_Guidelines.pdf Notice this is a v2(Feb 2013) document of the DSS (Data Security Standard), and we know that the latest DSS document is v3 (Nov 2013), but we can figure out a few things … Read more

2 Steps Stop All Cyberattacks

by

1. Obtain a technology that will be able to see the attacker trying to communicate with the attack software(malware etc) in your network. This system should have the capability to remove network traffic if it does not pass your rules. The NGFW Next Generation FireWall with an included Intrusion Prevention System(IPS) can get this job … Read more

Why is Pentesting Needed?

by

Why can’t I just use an automated service like http://www.trust-guard.com ? One reason to reconsider only using Trust-guard is that it is not QSA certified from the PCI Security Standards council: https://www.pcisecuritystandards.org/approved_companies_providers/qsa_companies.php As a pentester (penetration tester) we use a QSA certified tool to verify vulnerability assessments on your resources. (such as Nessus) we have also used … Read more