Security Experts:



The Payment Card Industry Security Standards Council (PCI SSC) has set a new deadline for when organizations that process payments should complete the migration off vulnerable SSL and early TLS encryption.
The bipartisan Cybersecurity Disclosure Act of 2015 seeks to encourage the disclosure of cybersecurity expertise on corporate boards at publicly traded companies.
Comodo has mistakenly issued certificates containing internal names. The company spotted such credentials from other CAs as well.
Hackers breached the systems of anti-adblocking service PageFair and used the access to deliver malware.
Google tells Symantec to step up its game when it comes to issuing digital certificates.
Since the cost of breaking SHA1 is lower than initially estimated, Mozilla is considering rejecting SHA1-based certificates sooner than planned.
The Core Infrastructure Initiative wants to launch a security-focused badge program to encourage open source projects to follow best practices.
Security firms have joined forces in an effort to prevent the adoption of the recently proposed Wassenaar Arrangement rules regarding intrusion and surveillance software.
The PCI Council has announced updates to the Point-to-Point Encryption (P2PE) and device security standards.
Amazon publishes its first transparency report. The e-commerce giant received nearly 1,000 customer data requests from government agencies in the first half of 2015.



Chris Poulin's picture
Part 1: Why the Star Trek Medical Tricorder Didn’t have an App Store. The future of information security is looking brilliant: by the 23rd century there will be no computer hacks—at least according to Star Trek.
Jeff Hudson's picture
The latest iteration of PCI compliance regulations adds to the already increasing burdens of the typical IT security professional. For example, exposing cryptographic key management information to more than those that need to know creates a compliance violation.
Steve Ragan's picture
For most CISOs, the pain of an audit is part of the job, but it doesn’t have to be the nightmare that most of the IT community envisions.
Chris Hinkley's picture
Cloud infrastructures can be secure, and they must be, because the need is growing quite fast. In this vein, organizations don’t have to be fearful of public clouds. They just need to better understand them.
Oliver Rochford's picture
To a security guru, GRC feels like a waste of time. It will provide artificial challenges that make a difficult task even harder, with very little gain or advantage in return other than a report containing lists of items with a marked checkbox.
Michael Goff's picture
In 2011 we were reminded that software piracy cannot be stopped. Despite the best efforts of software vendors, industry watchdog groups and government, software piracy continues to proliferate.
Mandeep Khera's picture
Merchants who are required to be PCI-DSS Compliant will have to get their validation under provisions of PCI-DSS 2.0 by December 31st, 2011. What are some of the key changes in PCI-DSS 2.0? Are you ready?
Chris Hinkley's picture
Mobile applications and the platforms they are built on make PA-DSS compliance difficult due to the rapidly evolving threat landscape. With increased attacks and their tragic effects on businesses and consumers, it's important to make sure your mobile operations are properly secured.
Chris Hinkley's picture
2011 has been a monumental year for hackers. Businesses as well as consumers felt the brunt of cybercrime by the millions, some of them a few times over. Here’s a look at the top hacks so far this year, and what we can learn from them.
Chris Poulin's picture
A properly deployed SIEM can add tremendous value to an organization’s security program. This week, Chris describes how you can get the most out of an SIEM solution through proper deployment strategies.