Security Management Strategies for the CIO
Email Alerts
-
Cloud compliance: How to manage SaaS risk
While Software as a Service (SaaS) can cut costs, there are definite security concerns to be aware of, including compliance issues. What's the best way to make sure that data is safe and audit-ready on the provider's server? Expert Joel Dubin gives a... Tip
-
Best practices for merging with a company that is not PCI compliant
Learn how to make sure you and your partner are compliant with PCI DSS while you prepare for the merger process. Ask the Expert
-
Using a QSA to write up a PCI DSS report on compliance (ROC)
Depending on your enterprise, it may or may not be necessary to utilize a QSA. In this security management expert response, learn how to determine your enterprise's level of compliance, whether to utilize a QSA and where to submit the necessary forms... Ask the Expert
-
WEP to WPA: Wireless encryption in the wake of PCI DSS 1.2
The PCI Security Standards Council recently announced the upcoming release of PCI DSS version 1.2. Plenty of changes are on the way, but one in particular may call for some significant wireless infrastructure upgrades. Mike Chapple explains why the l... Tip
-
PCI is about eliminating data, not securing it, former QSA says
Former QSA turned Forrester analyst John Kindervag calls PCI a "communicable disease." Anything introduced to the network is in PCI scope if credit card systems aren't segmented. Article
-
Security of customer data, IP sustains security budgets
Protecting customer data, corporate intellectual property and other sensitive internal data, remains a priority in many corporate board rooms, a Forrester Research survey finds. Article
-
PCI version 1.2 clarifications: How to get an early start on compliance audits
Last month, the PCI Security Standards Council released a preview of changes in the upcoming Payment Card Industry Data Security Standard revision. The clarifications in the standard's language are welcome adjustments, but the tweaks may have an effe... Tip
-
Version 1.2 of Payment Card Industry (PCI) Data Security Standard answers questions, raises others
Understanding the wording of the PCI Data Security Standard isn't always easy. What exactly qualifies as an "application firewall," for example, or even "strong encryption?" Thankfully, clarifications to terminology and requirements are coming in PCI... Tip
-
Security visualization helps make log files work
Using visualization tools, security pros can build charts and graphs to make sense of complex log files and data and improve their company's security stance. Article
-
The Little Black Book of Computer Security, 2nd Edition
In an online excerpt of The Little Black Book of Computer Security, expert author Joel Dubin reviews how to prepare for today's most important compliance requirements. Tip