NEWS & INDUSTRY UPDATES

PCI DSS 3.1 will remove SSL as an example of strong cryptography, meaning organizations will have to upgrade to TLS to comply.
Google says Chrome will no longer trust certificates from the China Internet Network Information Center (CNNIC) following the MCS Holdings incident.
Companies are still struggling as they fall out of compliance during the year, Andi Baritchi, global managing principal of PCI Consulting Services at Verizon Enterprise Solutions, told SecurityWeek.
A draft of the CryptoCurrency Security Standard (CCSS) has been made available for public discussion by C4 and BitGo.
A new provision in Canada’s Anti-Spam Legislation (CASL) prohibiting the installation of software without consent from the device’s owner came into effect on Thursday.
In response to the increase in online payment fraud, the European Banking Authority (EBA) published last week a set of minimum security requirements that payment services providers in the European Union are expected to implement by August 1, 2015.
Ireland’s Office of the Data Protection Commissioner will receive €3.65 million funding in 2015.
The PCI Security Standards Council is weighing in to help push best practices for terminal software security.
The Google Cloud Platform is now compliant with the Payment Card Industry Data Security Standard (PCI-DSS).
When PCI DSS 3.0 becomes mandatory next year, businesses will need to remember to pay attention to the security of the third-party providers they do business with.

FEATURES, INSIGHTS // Compliance

Jeff Hudson
The latest iteration of PCI compliance regulations adds to the already increasing burdens of the typical IT security professional. For example, exposing cryptographic key management information to more than those that need to know creates a compliance violation.
Steve Ragan
For most CISOs, the pain of an audit is part of the job, but it doesn’t have to be the nightmare that most of the IT community envisions.
Chris Hinkley
Cloud infrastructures can be secure, and they must be for the need is growing quite fast. In this vein, organizations don’t have to be fearful of public clouds. They just need to better understand them.
Oliver Rochford
To a security guru, GRC feels like a waste of time. It will provide artificial challenges that make a difficult task even harder, with very little gain or advantage in return other than a report containing lists of items with a marked checkbox.
Michael Goff
In 2011 we were reminded that software piracy cannot be stopped. Despite the best efforts of software vendors, industry watchdog groups and government, software piracy continues to proliferate.
Mandeep Khera
Merchants who are required to be PCI-DSS Compliant will have to get their validation under provisions of PCI-DSS 2.0 by December 31st, 2011. What are some of the key changes in PCI-DSS 2.0? Are you ready?
Chris Hinkley
Mobile applications and the platforms they are built on make PA-DSS compliance difficult due to the rapidly evolving threat landscape. With increased attacks and their tragic effects on businesses and consumers, it's important to make sure your mobile operations are properly secured.
Chris Hinkley
2011 has been a monumental year for hackers. Businesses as well as consumers felt the brunt of cybercrime by the millions, some of them a few times over. Here’s a look at the top hacks so far this year, and what we can learn from them.
Chris Poulin
A properly deployed SIEM can add tremendous value to an organization’s security program. This week, Chris describes how you can get the most out of an SIEM solution through proper deployment strategies.
Chris Hinkley
Real security goes beyond compliance, and integrates with validation and security processes. This causes confusion for many organizations as they pursue compliance standards. So let’s break it down.