Avoiding Audit Failure: Getting Advice on PCI Compliance Mistakes
This article is part of the December 2006 issue of What's your biggest information security concern?
They lay out the missteps of others so you can be spared a similar fate. Roger Nebel has seen plenty of payment card industry security violations in his day, but one retail client's transgressions were the worst. The trouble started with the retailer's checkout counter machines, where customers swipe their credit cards, recalls Nebel, director of strategic security for Washington D.C.-based FTI Consulting. The client used two versions of the point-of-sale system in various locations--an older version that didn't encrypt cardholder data, and a newer version that did. Then, the retailer's POS device vendor used a well-known Web-based program to remotely manage several systems with a common user ID and password. Meanwhile, the client failed to log activity on the systems, there was no security monitoring in general, and several sites lacked adequate antivirus software. The environment was ripe for the picking, and one or more thieves eventually lifted credit card data from several locations using a Trojan horse program. "This business took every wrong turn you ...