
Recent Compliance and Industry related News

Preparing For A Firewall Audit
Network security audits are getting a lot of coverage these days thanks to standards like SOX, PCI-DSS, and HIPAA. Even if you don't need to comply with any of those standards, business relationships with partners or customers may require you to show that your network is secure. via Preparing For A Firewall Audit | Katonda.

Enterprise risk management: Get started in six steps
I propose that ERM is worth doing and doesn’t have to be so complex if you simply “begin with the end in mind,” as Stephen Covey says in The 7 Habits of Highly Successful Security Leaders. Or would have said if he’d written such a book. The basis of my thoughts is COSO’s ERM framework [...]

Hard Drives in Copy or Fax Machines are a HIPAA Risk | Supply Chain
While everyone is worried about stolen laptops or unauthorized access to computer files, whoever thought the hard drive in copying and fax machines could be a potential HIPAA violation? Copy machines, fax machines and scanners now contain hard drives like computer hard drives that store images of all the pages of information [...]

Writing A #PCI Compensating Control
This is a very popular topic these days as more and more organizations have to rely on compensating controls to comply with the PCI DSS. With the exception of requirement 3.2 (do not retain track data), any of the other PCI DSS requirements can be met with a compensating control. First, let us get [...]

Roundup of largest data breaches / incidents
Records       Date        Organizations
130,000,000   2009-01-20  Heartland Payment Systems, Tower Federal Credit Union, Beverly National Bank
94,000,000    2007-01-17  TJX Companies Inc.
90,000,000    1984-06-01  TRW, Sears Roebuck
76,000,000    2009-10-05  National Archives and Records Administration
40,000,000    2005-06-19  CardSystems, Visa, MasterCard, American Express
26,500,000    2006-05-22  U.S. Department of Veterans Affairs
25,000,000    2007-11-20  HM Revenue and Customs, TNT
17,000,000    2008-10-06  [...]

1-in-4 worms spread through infected USB devices
Hard on the heels of a report that a USB drive was used to compromise U.S. military networks in 2008, a security company today claimed that 25% of all new worms are designed to spread through the portable storage devices. via 1-in-4 worms spread through infected USB devices.

Visa Raises The Bar For PA-DSS Applications And Vendors
For example, using a PA-DSS validated application by itself does not make you PCI compliant. Rather, you still need to implement the application according to the vendor's implementation guide (which is sometimes an issue when resellers are involved), and you have to implement it in a PCI-compliant environment. via StorefrontBacktalk » Blog Archive » Visa [...]

Tenable Network Security Awarded U.S. Patent for Network Monitoring Technology | Centre Daily Times
Tenable developed the Passive Vulnerability Scanner (PVS) to complement its other market-leading active network scanner, Nessus. Where Nessus allows organizations to audit networks for known vulnerabilities and conduct full patch, configuration and compliance audits at a point in time, Tenable's PVS allows organizations to continuously monitor the same network by analyzing network traffic 24×7 [...]

Privacy software: Who are the early leaders? | PC World Business
Together they form what I’d call the “privacy GRC” market, where GRC stands for “governance, risk and compliance.” GRC makes up most of what privacy people do. It’s not a big market. To put things into perspective, Gartner is only in its third year of analyzing the nascent IT GRC market. The privacy GRC market [...]

Windows DLL load hijacking exploits go wild
Less than 24 hours after Microsoft said it couldn’t patch Windows to fix a systemic problem, attack code appeared Tuesday to exploit the company’s software. Also on Tuesday, a security firm that’s been researching the issue for the last nine months said 41 of Microsoft’s own programs can be remotely exploited using DLL load hijacking, [...]
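The reason the problem is "systemic" rather than a bug in one program is the order in which Windows searches for a DLL requested by bare name: when the library is not found beside the executable or in the system directories, the search falls through to the current working directory, which is the remote share or folder a user opened a document from. The following is an added example, not code from the article or from Microsoft: it models that search order (the SafeDllSearchMode default) with constructed directory contents, and shows how removing the current directory from the search (the effect of calling SetDllDirectory("") in the application, or of the CWDIllegalInDllSearch registry setting) stops a planted DLL from being picked up. All directory and file names are made up for the illustration; the model also omits the KnownDLLs list and already-loaded modules, which Windows consults before searching at all.

```python
# Added example (not from the article or from Microsoft): a model of the
# Windows DLL search order for a library requested by bare name, to show why
# a DLL the application does not actually ship can be loaded from the
# current working directory. Directory contents below are constructed.

from typing import Dict, List, Optional

# Default search order with SafeDllSearchMode enabled (Windows XP SP2 and later).
SAFE_SEARCH_ORDER: List[str] = [
    "app_dir",    # directory the executable was loaded from
    "system32",   # %SystemRoot%\System32
    "system",     # 16-bit system directory
    "windows",    # %SystemRoot%
    "cwd",        # current working directory (e.g. the share a document came from)
    "path",       # directories listed in %PATH%
]

# Hardened order: CWD removed, which is what SetDllDirectory("") or the
# CWDIllegalInDllSearch registry setting achieve on a real system.
HARDENED_SEARCH_ORDER: List[str] = [d for d in SAFE_SEARCH_ORDER if d != "cwd"]


def resolve_dll(dll: str, dirs: Dict[str, List[str]], order: List[str]) -> Optional[str]:
    """Return the first search location that holds `dll`, or None if not found.

    `dirs` maps a location name to the file names it contains; matching is
    case-insensitive, as on Windows.
    """
    wanted = dll.lower()
    for location in order:
        if any(f.lower() == wanted for f in dirs.get(location, [])):
            return location
    return None


def hijackable(dll: str, dirs: Dict[str, List[str]],
               order: List[str] = SAFE_SEARCH_ORDER,
               attacker_controlled=("cwd",)) -> bool:
    """True if the DLL would be loaded from a location the attacker controls."""
    return resolve_dll(dll, dirs, order) in attacker_controlled


# Constructed layout: a viewer opened a document from an attacker's folder.
# The viewer asks for "helper.dll", which is installed nowhere legitimate, and
# for "kernel32.dll", which lives in System32. The attacker planted both.
SAMPLE_DIRS: Dict[str, List[str]] = {
    "app_dir": ["viewer.exe"],
    "system32": ["kernel32.dll", "user32.dll"],
    "cwd": ["report.doc", "helper.dll", "kernel32.dll"],  # attacker-controlled
}

if __name__ == "__main__":
    for dll in ("helper.dll", "kernel32.dll"):
        print(f"{dll}: default -> {resolve_dll(dll, SAMPLE_DIRS, SAFE_SEARCH_ORDER)}, "
              f"hijackable={hijackable(dll, SAMPLE_DIRS)}; "
              f"hardened -> {resolve_dll(dll, SAMPLE_DIRS, HARDENED_SEARCH_ORDER)}")
```

The point the model makes is that the planted kernel32.dll is harmless (System32 is searched first), while the missing helper.dll is the exploitable one: an application can only be fixed by shipping the DLL, loading it by full path, or taking the current directory out of the search. Auditing which DLLs a program asks for and fails to find (Process Monitor's NAME NOT FOUND results for CreateFile on *.dll are the usual source) is how the "41 programs" class of findings is enumerated in practice.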