NEWS & INDUSTRY UPDATES

When PCI DSS 3.0 becomes mandatory next year, businesses will need to remember to pay attention to the security of the third-party providers they do business with.
Amazon Web Services announced three new services designed to provide enterprise customers with additional security, governance, and compliance solutions for their resources deployed in the AWS Cloud.
American Express has launched a new service designed to protect online and mobile payments by replacing sensitive card information with tokens.
PCI Security Standards Council published advice for building a security awareness program.
The Payment Card Industry (PCI) Security Standards Council has published guidance that provides merchants with payment security best practices for working with third-party providers.
Microsoft will challenge a US court order requiring it to give prosecutors electronic mail content associated with an overseas server in a data center in Dublin.
Microsoft said it was under investigation by antitrust authorities in China, pledging to cooperate in the investigation.
Officials from China's corporate regulator paid visits to Microsoft's offices in four cities in the country.
UK travel company W3 Limited was fined £150,000 for violating the Data Protection Act after hackers stole details of 1.1 million payment cards.
Businesses that handle payment card data have to become compliant with the Payment Card Industry Data Security Standard 3.0 (PCI DSS 3.0) by December 31, 2014, yet many appear to be unprepared for the challenge.

FEATURES, INSIGHTS // Compliance

James McFarlin
U.S. tech giants are playing a game of high-stakes global brinksmanship around who has rights to control their data, which impacts their European growth prospects, business models, and ultimately stock valuations.
Mark Hatton
The oversight for the protection of healthcare information is only getting tighter, and it is incumbent upon the security teams to ensure healthcare professionals have all the tools necessary to improve patient outcomes, while we worry about keeping the bad guys away.
Torsten George
The NIST Cybersecurity Framework is a good first step towards creating a standardized approach to cyber security, but requires many substantial updates before really improving our nation’s cyber resilience.
Nimmy Reichenberg
With the release of PCI-DSS 3.0, organizations have a framework for making payment security part of their business-as-usual activities, with more flexibility and an increased focus on education, awareness and security as a shared responsibility.
Mark Hatton
Complacency is never a good thing, but in security it can have devastating effects. While it’s good to acknowledge progress, that should never stand in the way of staying ahead of the next potential threat.
Chris Hinkley
For security professionals, PCI DSS 3.0 means that PCI compliance will become more of an everyday business practice, rather than an annual checklist obligation.
Chris Hinkley
Compliance is a byproduct of a solid security program – but that doesn’t mean it’s simple. Compliance can involve technical architecture and operational processes that many organizations simply don’t understand or don’t want to bother with.
Gant Redmon
The CSO is so critical for the CPO’s success that I guarantee that if you send this article to your CPO, they will take you out for a free lunch the next day.
Nick Cavalancia
In the era of the public cloud, when employees are frequently using consumerized applications to share and store data, it's time for security and risk professionals to adopt a new security thought paradigm that focuses on the insider threat that employees create, not solely on protecting data itself.
Jon-Louis Heimerl
The Omnibus Rule that updated the Health Insurance Portability and Accountability Act (HIPAA) has the potential to be a game changer because of the things it says in writing, as well as some of the things that it doesn’t say.