News

IT Security Audits

• October 11, 2018 11 Oct'18

  U.S. weapon systems cybersecurity failing, GAO report says

  A U.S. Government Accountability Office report gave failing grades to military weapon systems cybersecurity, but some experts say the report should be a source of encouragement.

• October 10, 2018 10 Oct'18

  Google security audit begets product changes, German probe

  A Google security audit uncovered a glitch in Google Plus that exposed data from nearly 500,000 accounts, causing the company to shutter the social network and spur a German data protection probe.

• October 18, 2016 18 Oct'16

  Secret Service cybersecurity audit shows 'unacceptable' flaws

  A cybersecurity audit of the U.S. Secret Service found 'unacceptable vulnerabilities' that leave the possibility of insider-threat activity and privacy violations.

• June 10, 2016 10 Jun'16

  Mozilla Secure Open Source Fund to aid developers with audits

  Mozilla created the Secure Open Source Fund to help developers perform security audits on software in an effort to reduce the potential of another Heartbleed or Shellshock.

• January 27, 2016 27 Jan'16

  Congress demands Juniper backdoor audits by government agencies

  Congressional oversight committee wants to know which U.S. government agencies used firewalls that may have been affected by the recently uncovered Juniper backdoor vulnerability.

• September 18, 2015 18 Sep'15

  DHS audit details cyber mission failures and future efforts

  An internal audit of the U.S. Department of Homeland Security has been completed, detailing areas where its cyber mission has failed and what plans are in place to make improvements.

• August 12, 2014 12 Aug'14

  PCI audit conflict of interest problems persist

  Discussing the state of PCI DSS compliance, Gartner's Avivah Litan says the industry still struggles with PCI auditors who both identify PCI problems and sell remediation services to fix them, causing a conflict of interest.

• October 31, 2013 31 Oct'13

  PCI QSA analysis: PCI DSS 3.0 to bring new PCI challenges, benefits

  A veteran QSA believes PCI DSS 3.0 will help both QSAs and enterprises, but says further clarifications are needed to avoid PCI assessment disputes.

• July 25, 2012 25 Jul'12

  Black Hat 2012: Limited release for tool allowing smart meter hacks

  Don Weber of InGuardians is releasing his smart meter hacking tool, but only to utilities, vendors and vendor-vetted researchers.

• March 06, 2012 06 Mar'12

  How to manage the compliance cycle to improve your compliance strategy

  Too often, organizations jam all their compliance tasks into the quarter when the audit is due. Read advice for reducing compliance fatigue.

• January 31, 2011 31 Jan'11

  Cost of non-compliance outweighs cost of maintaining compliance, report finds

  A study by the Ponemon Institute found that the average total cost of compliance is more than $3.5 million.

• June 29, 2009 29 Jun'09

  MasterCard increases PCI compliance requirements for some merchants

  Company now requires merchants that process one million to six million transactions annually to have onsite assessment by a PCI QSA. Visa says it won't follow suit.

• April 08, 2009 08 Apr'09

  PCI DSS Q&A: Answering your questions

  Payment Card Industry Data Security Standard (PCI DSS) expert Ed Moyle of CTG recently joined SearchSecurity.com for a live Q&A to address your ...

• March 05, 2009 05 Mar'09

  PCI QSA assurance program penalizes assessors

  Two firms certified to conduct PCI assessments have been placed into the PCI Council's remediation program for violating the QSA Validation Requirements.

• November 18, 2008 18 Nov'08

  Cybersecurity expert sees PCI DSS problems ahead for retailers

  It could cost millions of dollars for retailers to rip and replace outdated systems and devices still using Wired Equivalent Privacy (WEP) to secure 802.11 wireless networks, according to a security expert tracking cybersecurity in the retail ...