Oct: Swipe&Sign + Breach = Merchant Liable Not CC companies
The Cybersecurity field knows this has been in the works for a year now, and in 5 months it will happen. Chip in a Credit card The US will catch…
How much Security is enough?
Tim Wilson at DarkReading is discussing a little on how to discuss security issues, goals, and concerns. Of course his message is a basic and simple one how much should…
Where does PCI Compliance Fail?
Put another way if everyone keeps saying being PCI compliant does not mean being secure, where exactly does this occur – the failure of PCI compliance? One major difference is…
Risk Management Framework
If you had to start over how would you do it? The NIST (National Institute Science Technology) document is a good place to start http://csrc.nist.gov/publications/nistpubs/800-37-rev1/sp800-37-rev1-final.pdf Publication 800-37 Guide for Applying…
Patching Software “Security” Dilemma
We have a dilemma when deciding how and when to patch the software we depend on. Not all vulnerability patches are built to fix the problems they were set to…