Security Management Strategies for the CIO
Email Alerts
-
Resist credit card data compromise threats due to memory-scraping malware
PCI DSS does a good job of making sure credit card data in persistent storage is secure, however, such data in non-persistent storage -- such as files stored temporarily in memory -- can still be vulnerable to compromise, particularly via memory-scra... Tip
-
A PCI compliance network testing checklist to limit PCI DSS scope
Network security pros may not realize it, but they may inadvertently be on the hook regarding PCI DSS compliance if card data is inadvertently spread across the network. Ed Moyle discusses how this happens and how to make sure the network falls out o... Tip
-
Assessment success: PCI DSS standards and secure data storage
PCI DSS standards for secure data storage are specific and detailed, but there are two key steps that can significantly reduce the pain of an assessment. PCI DSS expert Anton Chuvakin explains. Tip
-
PCI DSS requirement: Maintaining a vulnerability management program
The third PCI DSS focus area requires antivirus software, secure coding practices, patch management and change control processes be in place. Tip
-
Ease credit card risks: POS encryption and data tokenization for PCI
Data tokenization and transaction encryption technologies for PCI DSS, though still mostly new and untested, are already in hot demand. In this tip, John Kindervag of Forrester Research explains what to consider before using tokenization and transact... Tip
-
How to change from WEP to WPA for PCI DSS compliance
The deadline to change from WEP to WPA wireless encryption standard for PCI DSS compliance is quickly approaching. Learn how to change from WEP to WPA and how to ensure that WEP is completely eradicated from your network. Tip
-
PCI compliance requirements affect IT risk assessments
In their book PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance, authors Dr. Anton Chuvakin and Branden Williams discuss how to best approach PCI compliance requirements in your organization. Tip
-
The future of PCI DSS encryption requirements? Tokenization for PCI
Can tokenization help reduce the scope of PCI DSS? How does tokenization interact with PCI DSS encryption requirements? Learn more about this technology and whether it's right for your enterprise. Tip
-
Weighing the pros and cons of end-to-end encryption and tokenization
With PCI DSS and other compliance requirements, organizations are looking for surefire solutions to protect payment card and other sensitive data. Tokenization and end-to-end encryption have emerged as promising technologies, but as Dave Shackleford ... Tip
-
Five things to do before your first PCI DSS compliance audit
Put these steps in motion before your organization's first PCI DSS compliance audit. Tip