
NEWS & INDUSTRY UPDATES

American Express has launched a new service designed to protect online and mobile payments by replacing sensitive card information with tokens.
PCI Security Standards Council published advice for building a security awareness program.
The Payment Card Industry (PCI) Security Standards Council has published guidance that provides merchants with payment security best practices for working with third-party providers.
Microsoft will challenge a US court order requiring it to give prosecutors electronic mail content associated with an overseas server in a data center in Dublin.
Microsoft said it was under investigation by antitrust authorities in China, pledging to cooperate in the investigation.
Officials from China's corporate regulator paid visits to Microsoft's offices in four cities in the country.
UK travel company W3 Limited was fined £150,000 for violating the Data Protection Act after hackers stole details of 1.1 million payment cards.
Businesses that handle payment card data have to become compliant with the Payment Card Industry Data Security Standard 3.0 (PCI DSS 3.0) by December 31, 2014, yet many appear to be unprepared for the challenge.
LifeLock said that it has pulled its mobile wallet application from popular app stores and was deleting user information stored for the mobile app from its servers.
A panel of industry experts will be examining the institute's policies in light of controversy.

FEATURES, INSIGHTS // Compliance


Mark Hatton's picture
The oversight for the protection of healthcare information is only getting tighter, and it is incumbent upon the security teams to ensure healthcare professionals have all the tools necessary to improve patient outcomes, while we worry about keeping the bad guys away.
Torsten George's picture
The NIST Cybersecurity Framework is a good first step towards creating a standardized approach to cyber security, but requires many substantial updates before really improving our nation’s cyber resilience.
Nimmy Reichenberg's picture
With the release of PCI-DSS 3.0, organizations have a framework for making payment security part of their business-as-usual activities, one that introduces more flexibility and an increased focus on education, awareness and security as a shared responsibility.
Mark Hatton's picture
Complacency is never a good thing, but in security it can have devastating effects. While it’s good to acknowledge progress, that should never stand in the way of staying ahead of the next potential threat.
Chris Hinkley's picture
For security professionals, PCI DSS 3.0 means that PCI compliance will become more of an everyday business practice, rather than an annual checklist obligation.
Chris Hinkley's picture
Compliance is a byproduct of a solid security program – but that doesn’t mean it’s simple. Compliance can involve technical architecture and operational processes that many organizations simply don’t understand or don’t want to bother with.
Gant Redmon's picture
The CSO is so critical for the CPO’s success that I guarantee that if you send this article to your CPO, they will take you out for a free lunch the next day.
Nick Cavalancia's picture
In the era of the public cloud, when employees are frequently using consumerized applications to share and store data, it's time for security and risk professionals to adopt a new security thought paradigm that focuses on the insider threat that employees create, not solely on protecting data itself.
Jon-Louis Heimerl's picture
The Omnibus Rule that updated the Health Insurance Portability and Accountability Act (HIPAA) has the potential to be a game changer because of the things it says in writing, as well as some of the things that it doesn’t say.
Dr. Mike Lloyd's picture
2012 was an interesting year in security – publicity around breaches led to greater awareness than we’ve seen in years, encouraging many in the Federal sector to look into our corner of IT. So what will happen in IT Security 2013?