Avoiding Audit Failure: Getting Advice on PCI Compliance Mistakes
This article is part of the December 2006 issue of What's your biggest information security concern?
They lay out the missteps of others so you can be spared a similar fate. Roger Nebel has seen plenty of payment card industry security violations in his day, but one retail client's transgressions were the worst. The trouble started with the retailer's checkout counter machines, where customers swipe their credit cards, recalls Nebel, director of strategic security for Washington, D.C.-based FTI Consulting. The client used two versions of the point-of-sale system in various locations--an older version that didn't encrypt cardholder data, and a newer version that did. Then, the retailer's POS device vendor used a well-known Web-based program to remotely manage several systems with a common user ID and password. Meanwhile, the client failed to log activity on the systems, there was no security monitoring in general, and several sites lacked adequate antivirus software. The environment was ripe for the picking, and one or more thieves eventually lifted credit card data from several locations using a Trojan horse program. "This business took every wrong turn you ...
What's Inside
Features
- Finding the best security testing tools for product evaluation
  Learn how you can use new information security tools to examine security products and investments, such as IPS, firewall or VPN gateway.
- Risk Management: Skybox Security's Skybox View 3.0
  Read a security product review of Skybox Security's Skybox View 3.0.
- Host-Based IPS
  Third Brigade's Deep Security 4.5
- Intrusion Detection: Lancope StealthWatch 5.5
  Lancope's Lancope StealthWatch 5.5
- Protect What's Precious
  We asked and you answered: Insiders, information leaks, compliance and the bottom line are your front-and-center priorities for 2007.
- At Your Service: December 2006 managed services security news
- Reconnex's iGuard v5 security tool review
  by Tom Bowers, Contributor
  Product review of Reconnex iGuard v5, a data protection security tool used for information leaks, compliance, perimeter security, traffic analysis and tracking.
- Security Products Latest Version Releases: CipherTrust, Infoblox
  Get news on the latest version product releases; get setup, pricing and configuration info from vendors such as CipherTrust, Infoblox and Safend.
- Secure Reads: Multimedia Fingerprinting Forensics for Traitor Tracing
  Read a quick review of Multimedia Fingerprinting Forensics for Traitor Tracing.
- Automated data classification drives security, storage convergence
  Data classification products from a variety of startups are leading efforts to increase convergence of security, compliance and storage management.
- Antimalware: Prevx's Prevx1
  Prevx's Prevx1
- Avoiding Audit Failure: Getting Advice on PCI Compliance Mistakes
  Get advice from auditors on how to avoid audit failure and get PCI DSS compliant to prevent a security breach.
- Security 7, 'Best In Show' Shine
Columns
- Editor's Desk: More threats and more dollars
  Holiday Cheer or Fear?
- PING: Bernard Donnelly
  Read an interview with Bernard Donnelly, vice president of quality assurance for the Philadelphia Stock Exchange.
- Perspectives: Lack of enforcement undercuts HIPAA
  A lack of HIPAA enforcement makes physicians unwilling to change habits that threaten the security of data.
- Layer 8: Security managers come into their own
  Professional Progress