Avoiding Audit Failure: Getting Advice on PCI Compliance Mistakes
This article is part of the December 2006 issue of What's your biggest information security concern?
They lay out the missteps of others so you can be spared a similar fate. Roger Nebel has seen plenty of payment card industry security violations in his day, but one retail client's transgressions were the worst. The trouble started with the retailer's checkout counter machines, where customers swipe their credit cards, recalls Nebel, director of strategic security for Washington, D.C.-based FTI Consulting. The client used two versions of the point-of-sale system in various locations--an older version that didn't encrypt cardholder data, and a newer version that did. Then, the retailer's POS device vendor used a well-known Web-based program to remotely manage several systems with a common user ID and password. Meanwhile, the client failed to log activity on the systems, there was no security monitoring in general, and several sites lacked adequate antivirus software. The environment was ripe for the picking, and one or more thieves eventually lifted credit card data from several locations using a Trojan horse program. "This business took every wrong turn you ...
Finding the best security testing tools for product evaluation
Learn how you can use new information security tools to examine security products and investments, such as IPS, firewall or VPN gateway.
Risk Management: Skybox Security's Skybox View 3.0
Read a security product review of Skybox Security's Skybox View 3.0.
by Steven Weil, Contributor
Third Brigade's Deep Security 4.5
Intrusion Detection: Lancope StealthWatch 5.5
Lancope's Lancope StealthWatch 5.5
Protect What's Precious
We asked and you answered: Insiders, information leaks, compliance and the bottom line are your front-and-center priorities for 2007.
- At Your Service: December 2006 managed services security news
Reconnex's iGuard v5 security tool review
by Tom Bowers, Contributor
Product review of Reconnex iGuard v5, a data protection security tool used for information leaks, compliance, perimeter security, traffic analysis and tracking.
Security Products Latest Version Releases: CipherTrust, Infoblox
Get news on the latest version product releases; get setup, pricing and configuration info from vendors such as CipherTrust, Infoblox and Safend.
Secure Reads: Multimedia Fingerprinting Forensics for Traitor Tracing
Read a quick review of Multimedia Fingerprinting Forensics for Traitor Tracing.
Automated data classification drives security, storage convergence
Data classification products from a variety of startups are leading efforts to increase convergence of security, compliance and storage management.
Antimalware: Prevx's Prevx1
Avoiding Audit Failure: Getting Advice on PCI Compliance Mistakes
Get advice from auditors on how to avoid audit failure and get PCI DSS compliant to prevent a security breach.
- Security 7, 'Best In Show' Shine
Editor's Desk: More threats and more dollars
Holiday Cheer or Fear?
PING: Bernard Donnelly
Read an interview with Bernard Donnelly, vice president of quality assurance for the Philadelphia Stock Exchange.
Perspectives: Lack of enforcement undercuts HIPAA
A lack of HIPAA enforcement makes physicians unwilling to change habits that threaten the security of data.
Layer 8: Security managers come into their own