Public sector

Get started

  • Cloud provider security in spotlight, gives rise to new role

    The big guys already have one -- now smaller cloud service vendors are hiring a cloud-specific security exec to focus on security.Continue Reading

  • The managed security provider comes knocking

    A constantly evolving threat landscape and a deepening skills crisis has more enterprises looking to a managed security service provider for help handling some of their security requirements. The trend is expected to drive strong demand for MSSPs over the next few years, especially in areas like intrusion prevention and detection systems, distributed denial-of-service mitigation, unified threat management and security information and event management (SIEM). Estimates for the overall size of the global market over the next few years range from the low $20 billion to $35 billion. That makes it one of the fastest growing segments in the security industry. What are the factors CISOs need to consider when choosing a managed security provider and what are some best practices for getting the most out of these relationships?

    Enterprises have a range of options for using such services, from managed on-premises or managed customer-premise equipment services to fully outsourced, cloud-hosted options. A hybrid security model has worked for Arlington County in Virginia. The local government's security operations center is managed by in-house engineers who inherently know the network and are better positioned to respond to SIEM alerts from the MSSP. "We preferred the hybrid approach because we had the seasoned staff available to perform this aspect of the security practice," CISO David Jordan said. "It's a positive and successful approach, and the results are repeatable."

    Much of the managed security provider growth is being driven by the need for increased security and compliance measures at small to medium-sized businesses. In this issue of Information Security magazine, we look at the evolution of the managed security provider and the best ways to handle these partnerships.

    Continue Reading

  • PCI assessment

    A PCI assessment is an audit of the 12 credit card transaction compliance requirements required by the Payment Card Industry Data Security Standard.Continue Reading

  • Why your company needs the Payment Card Industry Data Security Standard

    If you think Payment Card Industry Data Security Standard is just for merchants, think again. Here's why virtually every company can boost security and address risk issues using PCI DSS.Continue Reading

  • PCI DSS 3.2 marks the end of an era, not of the standard

    Does PCI DSS 3.2 mark the end of major updates to payment security compliance standards? Expert Mike Chapple discusses the update and what it means for organizations.Continue Reading

  • VMware's NSX: Integrator deploys SDN tech at CBOSS

    CBOSS, a payment processing service provider, hired integrator AdvizeX to deploy NSX, the VMware network virtualization platform, as part of a software-defined networking project.Continue Reading

  • Government agency puts cloud computing references to effective use

    Free guides from cloud customer advocacy groups fit nicely into Pension Benefit Guaranty Corp.'s structured approach to cloud.Continue Reading

  • Six areas of importance in the PCI Penetration Testing Guidance

    Complying with PCI penetration testing mandates has always been a challenge for enterprises. Expert Kevin Beaver discusses the recently released PCI SSC pen testing guidance and how it can help enterprises overcome their PCI woes.Continue Reading

  • From SSL and early TLS to TLS 1.2: Creating a PCI DSS 3.1 migration plan

    PCI DSS 3.1 requires enterprises to deplete SSL and early TLS use by June 30, 2016. Expert Michael Cobb offers advice for putting a migration plan to TLS 1.2 in place.Continue Reading

  • PoSeidon: Inside the evolving world of point-of-sale malware

    Point-of-sale malware, such as the recent PoSeidon malware, continues to evolve to avoid detection. So what's an enterprise to do? Expert Nick Lewis explains how the malware functions and what organizations can do about it.Continue Reading

  • PCI gap assessment

    A PCI gap assessment is the identification, analysis and documentation of areas of non-compliance with the Payment Card Industry Data Security Standard (PCI DSS). PCI gap assessment is the first step for a merchant seeking to become PCI DSS-compliant.Continue Reading

  • PCI DSS merchant levels

    Merchant levels are used by the payment card industry (PCI) to determine risk levels and determine the appropriate level of security for their businesses. Specifically, merchant levels determine the amount of assessment and security validation that is required for the merchant to pass PCI DSS assessment.Continue Reading

  • The optional PCI DSS 3.0 requirements are about to become mandatory

    Organizations need to review the PCI DSS 3.0 requirements and prepare for the mandatory changes coming in June 2015. Expert Mike Chapple explains how to prepare for the deadline.Continue Reading

  • The secrets of proper firewall maintenance and security testing techniques

    The Verizon 2015 PCI Compliance Report cited a lack of firewall maintenance and security testing as major causes for compliances breaches. Expert Kevin Beaver offers tips to successfully manage these tasks.Continue Reading

  • PCI DSS vocabulary quiz

    Take this quiz to test your knowledge of abbreviations related to the Payment Card Industry Data Security Standard (PCI DSS).Continue Reading