Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Companies are still struggling as they fall out of compliance during the year, Andi Baritchi, global managing principal of PCI Consulting Services at Verizon Enterprise Solutions, told SecurityWeek.
A draft of the CryptoCurrency Security Standard (CCSS) has been made available for public discussion by C4 and BitGo.
A new provision in Canada’s Anti-Spam Legislation (CASL) prohibiting the installation of software without consent from the device’s owner came into effect on Thursday.
In response to the increase in online payment fraud, the European Banking Authority (EBA) published last week a set of minimum security requirements that payment services providers in the European Union are expected to implement by August 1, 2015
Ireland’s Office of the Data Protection Commissioner will receive €3.65 million funding in 2015.
The PCI Security Standards Council is weighing in to help push best practices for terminal software security.
The Google Cloud Platform is now compliant with the Payment Card Industry Data Security Standard (PCI-DSS).
When PCI DSS 3.0 becomes mandatory next year, businesses will need to remember to pay attention to the security of the third-party providers they do business with.
Amazon Web Services announced three new services designed to provide enterprise customers with additional security, governance, and compliance solutions for their resources deployed in the AWS Cloud.
American Express has launched a new services designed to protect online and mobile payments by replacing sensitive card information with tokens.

FEATURES, INSIGHTS // Compliance

rss icon

Torsten George's picture
The NIST Cybersecurity Framework is an important building block, but still just the first step towards implementing operationalized defenses against cyber security risks.
James McFarlin's picture
U.S tech giants are playing a game of high-stakes global brinksmanship around who has rights to control their data, which impacts their European growth prospects, business models, and ultimately stock valuations.
Mark Hatton's picture
The oversight for the protection of healthcare information is only getting tighter, and it is incumbent upon the security teams to ensure healthcare professionals have all the tools necessary to improve patient outcomes, while we worry about keeping the bad guys away.
Torsten George's picture
The NIST Cybersecurity Framework is a good first step towards creating a standardized approach to cyber security, but requires many substantial updates before really improving our nation’s cyber resilience.
Nimmy Reichenberg's picture
With the release of PCI-DSS 3.0, organizations have a framework for payment security as part of their business-as-usual activities by introducing more flexibility, and an increased focus on education, awareness and security as a shared responsibility.
Mark Hatton's picture
Complacency is never a good thing, but in security it can have devastating effects. While it’s good to acknowledge progress, that should never stand in the way of staying ahead of the next potential threat.
Chris Hinkley's picture
For security professionals, PCI DSS 3.0 means that PCI compliance will become more of an everyday business practice, rather than an annual checklist obligation.
Chris Hinkley's picture
Compliance is a byproduct of a solid security program – but that doesn’t mean it’s simple. Compliance can involve technical architecture and operational processes that many organizations simply don’t understand or don’t want to bother with.
Gant Redmon's picture
The CSO is so critical for the CPO’s success that I guarantee that if you send this article to your CPO, they will take you out for a free lunch the next day.
Nick Cavalancia's picture
In the era of the public cloud, when employees are frequently using consumerized applications to share and store data, it's time for security and risk professionals to adopt a new security thought paradigm that focuses on the insider threat that employees create, not solely on protecting data itself.