The piercing lens of information security changes focus quite often. In recent weeks the security vulnerability lens is focused on point-of-sale (POS) devices. And there seems to be good reason. The Target breach, perhaps the largest reporting breach in history, seems to be the result of malicious software inserted into these devices via a network hole […]
We talk to customers every day about security policies. One of the most common questions we receive is this: How should we structure our information security policies? When we dig deeper, we usually find that this is a really a two-part question regarding policy structure. First, how should we name and organize our documents. Second, […]
Lorem ipsum dolor sit amet, consectetur adipiscing elit. In sed vulputate massa. Fusce ante magna, iaculis ut purus ut, facilisis ultrices nibh. Quisque commodo nunc eget tortor dapibus, et tristique magna convallis. Phasellus egestas nunc eu venenatis vehicula. Phasellus et magna nulla. Proin ante nunc, mollis a lectus ac, volutpat placerat ante. Vestibulum sit amet […]
Lorem ipsum dolor sit amet, consectetur adipiscing elit. In sed vulputate massa. Fusce ante magna, iaculis ut purus ut, facilisis ultrices nibh. Quisque commodo nunc eget tortor dapibus, et tristique magna convallis. Phasellus egestas nunc eu venenatis vehicula. Phasellus et magna nulla. Proin ante nunc, mollis a lectus ac, volutpat placerat ante. Vestibulum sit amet […]
Lorem ipsum dolor sit amet, consectetur adipiscing elit. In sed vulputate massa. Fusce ante magna, iaculis ut purus ut, facilisis ultrices nibh. Quisque commodo nunc eget tortor dapibus, et tristique magna convallis. Phasellus egestas nunc eu venenatis vehicula. Phasellus et magna nulla. Proin ante nunc, mollis a lectus ac, volutpat placerat ante. Vestibulum sit amet […]
The PCI Security Standards Council just released Version 3.0 of the Payment Card Industry Data Security Standard (PCI-DSS), the set of requirements for protecting credit card data. The update had some significant changes, including a greater focus on third-party information security. There are many articles describing the new changes to PCI-DSS V3, including a nice […]
The British Standards Institute (BSI) recently released an updated version of ISO/IEC 27002 – Code of Practice for Information Security Controls. This was the first major update since the 2005 release. Many organizations are interested in how the changes will impact their information security program. What Really Changed? In our review, very little in the […]