Security Experts:



Security firms have joined forces in an effort to prevent the adoption of the recently proposed Wassenaar Arrangement rules regarding intrusion and surveillance software.
The PCI Council has announced updates to the Point-to-Point Encryption (P2PE) and device security standards.
Amazon publishes its first transparency report. The e-commerce giant received nearly 1,000 customer data requests from government agencies in the first half of 2015.
The Payment Application Data Security Standard (PA-DSS) has been updated to reflect new guidance on the security of the SSL protocol.
The Wassenaar Arrangement proposal published by BIS doesn't address previously raised concerns. Experts are worried about the negative impact on the industry.
Mozilla will remove the CA certificate of Turkish company E-Guven in Firefox due to outdated and insufficient audits.
The PCI Security Standards Council has released guidelines for the development of tokenization products.
Mozilla has decided that new CNNIC certificates will not be trusted until the Chinese CA cleans up its act.
PCI DSS 3.1 will remove SSL as an example of strong cryptography, meaning organizations will have to upgrade to TLS to comply.
Google says Chrome will no longer trust certificates from the China Internet Network Information Center (CNNIC) following the MCS Holdings incident.



Torsten George:
To achieve continuous compliance and monitoring, organizations are forced to automate many otherwise manual, labor-intensive tasks.
Torsten George:
The NIST Cybersecurity Framework is an important building block, but still just the first step towards implementing operationalized defenses against cyber security risks.
James McFarlin:
U.S. tech giants are playing a game of high-stakes global brinksmanship around who has rights to control their data, which impacts their European growth prospects, business models, and ultimately stock valuations.
Mark Hatton:
The oversight for the protection of healthcare information is only getting tighter, and it is incumbent upon the security teams to ensure healthcare professionals have all the tools necessary to improve patient outcomes, while we worry about keeping the bad guys away.
Nimmy Reichenberg:
With the release of PCI-DSS 3.0, organizations have a framework for payment security as part of their business-as-usual activities by introducing more flexibility, and an increased focus on education, awareness and security as a shared responsibility.
Mark Hatton:
Complacency is never a good thing, but in security it can have devastating effects. While it’s good to acknowledge progress, that should never stand in the way of staying ahead of the next potential threat.
Chris Hinkley:
For security professionals, PCI DSS 3.0 means that PCI compliance will become more of an everyday business practice, rather than an annual checklist obligation.
Chris Hinkley:
Compliance is a byproduct of a solid security program – but that doesn’t mean it’s simple. Compliance can involve technical architecture and operational processes that many organizations simply don’t understand or don’t want to bother with.
Gant Redmon:
The CSO is so critical for the CPO’s success that I guarantee that if you send this article to your CPO, they will take you out for a free lunch the next day.
Nick Cavalancia:
In the era of the public cloud, when employees are frequently using consumerized applications to share and store data, it's time for security and risk professionals to adopt a new security thought paradigm that focuses on the insider threat that employees create, not solely on protecting data itself.