News
IT Security Audits
- November 19, 2019
19 Nov'19
CrowdStrike: Incident response times still too long
A CrowdStrike study revealed it takes enterprise security teams almost seven days of nonstop work to detect, investigate and contain the average incident.
- December 20, 2018
20 Dec'18
Twitter bugs expose user data and direct messages
Two Twitter bugs led to questions about the platform's user privacy and security, while the company said one of the bugs opened the door to possible state-sponsored attacks.
- December 11, 2018
11 Dec'18
Second Google+ data exposure leads to earlier service shutdown
Another Google Plus data exposure -- this time potentially affecting more than 52 million users -- will cause the service to be shut down four months earlier than scheduled.
-
- October 11, 2018
11 Oct'18
U.S. weapon systems cybersecurity failing, GAO report says
A U.S. Government Accountability Office report gave failing grades to military weapon systems cybersecurity, but some experts say the report should be a source of encouragement.
- October 10, 2018
10 Oct'18
Google security audit begets product changes, German probe
A Google security audit uncovered a glitch in Google Plus that exposed data from nearly 500,000 accounts, causing the company to shutter the social network and spur a German data protection probe.
- October 18, 2016
18 Oct'16
Secret Service cybersecurity audit shows 'unacceptable' flaws
A cybersecurity audit of the U.S. Secret Service found 'unacceptable vulnerabilities' that leave the possibility of insider-threat activity and privacy violations.
- June 10, 2016
10 Jun'16
Mozilla Secure Open Source Fund to aid developers with audits
Mozilla created the Secure Open Source Fund to help developers perform security audits on software in an effort to reduce the potential of another Heartbleed or Shellshock.
- January 27, 2016
27 Jan'16
Congress demands Juniper backdoor audits by government agencies
Congressional oversight committee wants to know which U.S. government agencies used firewalls that may have been affected by the recently uncovered Juniper backdoor vulnerability.
- September 18, 2015
18 Sep'15
DHS audit details cyber mission failures and future efforts
An internal audit of the U.S. Department of Homeland Security has been completed, detailing areas where its cyber mission has failed and what plans are in place to make improvements.
- August 12, 2014
12 Aug'14
PCI audit conflict of interest problems persist
Discussing the state of PCI DSS compliance, Gartner's Avivah Litan says the industry still struggles with PCI auditors who both identify PCI problems and sell remediation services to fix them, causing a conflict of interest.
-
- October 31, 2013
31 Oct'13
PCI QSA analysis: PCI DSS 3.0 to bring new PCI challenges, benefits
A veteran QSA believes PCI DSS 3.0 will help both QSAs and enterprises, but says further clarifications are needed to avoid PCI assessment disputes.
- July 25, 2012
25 Jul'12
Black Hat 2012: Limited release for tool allowing smart meter hacks
Don Weber of InGuardians is releasing his smart meter hacking tool, but only to utilities, vendors and vendor-vetted researchers.
- March 06, 2012
06 Mar'12
How to manage the compliance cycle to improve your compliance strategy
Too often, organizations jam all their compliance tasks into the quarter when the audit is due. Read advice for reducing compliance fatigue.
- January 31, 2011
31 Jan'11
Cost of non-compliance outweighs cost of maintaining compliance, report finds
A study by the Ponemon Institute found that the average total cost of compliance is more than $3.5 million.
- June 29, 2009
29 Jun'09
MasterCard increases PCI compliance requirements for some merchants
Company now requires merchants that process one million to six million transactions annually to have onsite assessment by a PCI QSA. Visa says it won't follow suit.
- April 08, 2009
08 Apr'09
PCI DSS Q&A: Answering your questions
Payment Card Industry Data Security Standard (PCI DSS) expert Ed Moyle of CTG recently joined SearchSecurity.com for a live Q&A to address your ...
- March 05, 2009
05 Mar'09
PCI QSA assurance program penalizes assessors
Two firms certified to conduct PCI assessments have been placed into the PCI Council's remediation program for violating the QSA Validation Requirements.
- April 02, 2008
02 Apr'08
Hannaford breach illustrates dangerous compliance mentality
As Executive Editor Dennis Fisher explains, the Hannaford supermarket breach illustrates how too much emphasis on compliance puts critical data at risk.
- September 13, 2007
13 Sep'07
IBM aims identity suite at compliance, audit pains
IBM has been on a shopping spree over the last several years to beef up its Tivoli identity and access management suite. Over the summer, Big Blue rolled out the results of its acquisition with Consul Risk Management, launching the Tivoli Compliance...
- August 02, 2007
02 Aug'07
Black Hat 2007: New database forensics tool could aid data breach cases
Database security researcher, David Litchfield of UK-based NGS Software will release a free Forensic Examiners Database Scalpel, he says could aid data breach investigations.
- May 22, 2007
22 May'07
Database authentication, encryption getting priority in some businesses
While more organizations are seeking database authentication and encryption technologies, others are turning to database monitoring to secure data.
- May 17, 2007
17 May'07
PCI DSS: The standards should not be lowered
Bob Russo, general manager of the PCI Security Standards Council explains that education is crucial to getting more merchants to comply with the standard.
- December 19, 2003
19 Dec'03
Compliance drives security investments
Federal regulations help boost some organizations' security efforts, but they shouldn't be the sole driver of security.
- April 08, 2002
08 Apr'02
Auditor: There's nothing to fear
Companies shouldn't fear security auditors, but embrace their help and advice in order to make their organizations more secure. That is the message from Neil Jackson, business manager, internal audits, E*TRADE Financial. Recently, Jackson talked to ...