-
Data security best practices for PCI DSS compliance
The glut of recent data breaches, such as the one at Heartland Payment Systems Inc., leaves some security pros wondering if PCI DSS is doing its job. Is it worth all the effort to become PCI compliant if breaches still seem inevitable? In this expert... Tip
-
A preview of PCI virtualization specifications
The PCI Data Security Standard has little to say about virtualization – for now. Michael Cobb explores which best practices are likely to appear in the council's upcoming clarification document. Tip
-
Cloud compliance: How to manage SaaS risk
While Software as a Service (SaaS) can cut costs, there are definite security concerns to be aware of, including compliance issues. What's the best way to make sure that data is safe and audit-ready on the provider's server? Expert Joel Dubin gives a... Tip
-
WEP to WPA: Wireless encryption in the wake of PCI DSS 1.2
The PCI Security Standards Council recently announced the upcoming release of PCI DSS version 1.2. Plenty of changes are on the way, but one in particular may call for some significant wireless infrastructure upgrades. Mike Chapple explains why the l... Tip
-
Version 1.2 of Payment Card Industry (PCI) Data Security Standard answers questions, raises others
Understanding the wording of the PCI Data Security Standard isn't always easy. What exactly qualifies as an "application firewall," for example, or even "strong encryption?" Thankfully, clarifications to terminology and requirements are coming in PCI... Tip
-
PCI version 1.2 clarifications: How to get an early start on compliance audits
Last month, the PCI Security Standards Council released a preview of changes in the upcoming Payment Card Industry Data Security Standard revision. The clarifications in the standard's language are welcome adjustments, but the tweaks may have an effe... Tip
-
The Little Black Book of Computer Security, 2nd Edition
In an online excerpt of The Little Black Book of Computer Security, expert author Joel Dubin reviews how to prepare for today's most important compliance requirements. Tip
-
Compliance recycling: Combining compliance efforts to manage PCI DSS
While the Payment Card Industry Data Security Standard (PCI DSS) looms large over most enterprises' compliance efforts, it doesn't necessarily mean abandoning other compliance efforts. Expert Diana Kelley explains not only how to use existing control... Tip
-
The 'security standards dilemma': Network segmentation and PCI Compliance
The Hannaford Bros. data security breach led many to believe that even PCI-compliant organizations did not properly segment their networks -- or that PCI does not adequately address the importance of network segregation. Contributor Stephen Cobb expla... Tip
-
PCI compliance and Web applications: Code review or firewalls?
The Payment Card Industry Data Security Standard is about to get a new wrinkle involving Web applications. As of June 30, 2008, to achieve PCI compliance, enterprises must either have their custom Web application code reviewed or install Web applicat... Tip