Demonstrating compliance with PCI DSS is far from a trivial exercise. Are you sure you can document your organization's compliance with the new 3.0 standards?
Managing compliance and risk has become one of the most torturous assignments in the enterprise, particularly for those that must adhere to the ever-increasing challenge of industry, state and federal regulations.
The aviation authority instructed operators to take "interim action" to prevent loss of AC electrical power, until a software fix is available.
EMV, despite its security features over magnetic stripe cards, cannot prevent against "wholesale breaches of large numbers of credit card numbers," report authors said.
Sprint Communications has agreed to pay $15.5 million to the federal government for charging law enforcement agencies for surveillance upgrades.
NIST and NARA collaborated to produce the final draft of "Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations."
Retired Senior Executive,CIA - Insider Threat Detection, Larry Knutsen, will review the evolution of U.S. policy on insider threats and what they mean to your organization.
A recent Verizon study found that regular testing of security systems was a compliance weak point for merchants.
Sarah Dahlgren, the New York Fed's head of supervision, announced that the bank had created a team dedicated to cybersecurity.
A Russian man who was arrested in Spain on suspicion of cyber fraud reportedly will be extradited to the U.S. within the next few days.
The Obama administration has set another record for withholding government files under the U.S. Freedom of Information Act.
The percentage of companies compliant with PCI DSS Requirement 11 dropped to 33 percent last year, a Verizon report found.
Today there are more options for securing enterprise data than ever before. Yet with so many approaches, choosing the best fit isn't always an easy decision.
President Obama told Reuters that cybersecurity requirements proposed by China need to change if the country wants to do business with the U.S.
The rules, approved Thursday, ban ISPs from charging for internet "fast lanes," or blocking legal internet services.
Virtualization changes everything. The agility and cost efficiencies enabled by virtualization and the cloud are beneficial, as long as you understand why virtualization requires different security.
President Obama imposed sanctions against North Korea, a medical services provider will be forced to pay a "neglect" penalty over HIPAA violations, the House passed the Intelligence Authorization Act, and other security news.
The DHS will gain more control - and federal cybersecurity likely will be improved - when a FISMA update is passed, reports Lee Sustar.
In an attempt to put the issue to rest, the agency warned businesses against blocking guests' personal hotspots.
The wolf isn't at your door, it's inside. Ignorance is definitely not bliss. Just ask any of the regulatory agencies.
Identity is a critical component of proving compliance. Whether complying with industry regulations or security best practices, your auditors need to know who has access to what servers and data as well as who exactly did what, where and when.
A panel held during the annual NRF conference discussed ways that retailers could bolster security.
Last October, the FCC came after Marriott with a $600,000 fine.
New Jersey Governor Chris Christie signed the legislation last Friday.
The privacy controls will be added to version 7 of HITRUST's CSF due out later this month.
Part of my role requires me to ask questions that an auditor might. This is especially true when it comes to compliance, why it matters, and how it makes a difference.
The alliance defined specifications for devices, servers and client software that will help usher in the "post password" era.
The reality of ubiquitous reliance on ICT has given rise to the criticality of cyber security, says Cisco CSO Edna Conway.
The company has agreed to pay $200,000 as part of the settlement, and will be required to beef up its COPPA-related reporting activities.
Veterans Affairs has failed an annual cybersecuirty audit for the 16th year in a row, a new report reveals.
Security teams are sharply focused on bringing security to applications and meeting compliance requirements in the delivery of these applications and services.
When a care provider supplied laptops to its roving employees, it added a security solution to enable efficient collaboration. Greg Masters reports.
Whether it's for PCI compliance or HIPAA assessments companies follow the conventional model of point-in-time certification accompanied by a costly and painful annual review and correction process.
The search engine company updates it piracy report to let users know how its adjusting search results to stop illegal piracy efforts.
The FCC launched an investigation last year after a consumer complained of the practice.
Needing more than signature-based remedies, First Financial Bank found a way to close the gap between what exists and what's possible. Greg Masters reports.
The nonprofit organization alleges that the Maricopa County Community College District violated the FTC's "Safeguards Rule."
We explore the landscape today with which security teams must contend and compile a number of best practices and strategies you can apply to protect your company.
The Center for Digital Democracy has asked the FTC to investigate 30 U.S. firms' data collection practices, including Adobe, AOL and Datalogix.
The guidance is meant to help merchants and third parties better understand their roles and responsibilities in the payment security ecosystem.
The consensus from our panel of experts is that PCI DSS should be just one item on a far broader effort to integrate data security into enterprise risk management.
As a precaution, the ID theft protection service has removed the app from the App Store, Google Play, and Amazon Apps.
The Federal Trade Commission banned the retailer from misrepresenting its abidance in an international security framework
The agreement marks the largest HIPAA settlement to date.
Is there such a thing as an exchange of secure information in an insecure world?
A Texas-based company, Concentra, paid the HIPAA settlement stemming from a 2011 breach.
Introduced Tuesday, the Digital Privacy Act includes stiff penalties for organizations that fail to adequately respond to breaches.
Let's agree on a definition of the term "security" and move forward from there, says AT&T's Chris Mark.
The Federal Trade Commission has charged 12 companies with falsely claiming to comply with the U.S.-EU Safe Harbor Framework.
GRC is at once the biggest pain point (arguably) of most large organizations and the most important task that does not usually get done right.
Information security personnel are challenged with protecting company reputation and enterprise and customer data from a constant and expanding barrage of cyber criminals.
Version 3.0 of the PCI Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA-DSS) became available today.
One issue with password systems has always been the 'reset' problem: what to do when a user forgets their password.
While already ubiquitous in much of the world, mobile payment options are gaining traction in the United States, reports Stephen Lawton.
So far, one solution, developed by European Payment Services, has been verified under PCI security standards for point-to-point encryption (P2PE) hardware.
In a perfect world, enterprises would know exactly when an auditor is going to show up, the questions they will ask, and data would be presented on a silver platter ready to prove the organization's compliance.
A major area of concern for security personnel these days is how we are able to achieve and maintain compliance with multiple regulatory governing bodies.
Business associates of HIPAA-covered entities are now legally bound to follow the same guidelines when securing patients' protected health information.
There are a few key things every business should consider to truly improve data security.
Robust enterprise security requires more than checking compliance boxes, says Diebold CSO Adam Williams.
The promise of governance, risk and compliance technology is alluring, but getting it to work effectively is a different story, reports Alan Earls.
The latest version of the payment security industry's data safeguarding standard should also include mandates and guidance around risk management, penetration testing and mobile.
Facebook has released its first-ever transparency report, a document breaking down the number of worldwide government requests for data on users. Not surprisingly, the U.S. is far and away the leader.
The council released a highlight of potential new requirements and guidance to the PCI Data Security Standard and Payment Application Data Security Standard, both due out in November.
To effectively mitigate mobile risk, organizations should employ the same content security capabilities, and ideally leverage the same content policies and rules in mobile environments.
White House offers incentives for critical infrastructure companies participating in cyber security program
The tentative list of incentives would entice companies to participate in the "Cyber Security Framework," a measure that aims to help the nation stave off industrial attacks.
To address today's threats, companies require a high degree of convergent perspective, information expertise, and coordination between personnel and groups.
An upcoming update of a credit card standard offers an opportunity to assess overall security, says Symcor's Della Shea. James Hale reports.
Finding each sensitive document and email in a massively growing data center is near impossible, but finding all of them requires a simpler strategy.
Most companies actually require only a small IT operational team, and can greatly reduce the costs associated with ensuring compliance and security.
According to a Citizen Lab report, security firm Blue Coat also may have violated U.S. sanctions that bar the sale of technologies to countries with a history of human rights grievances, such as Iran, Syria and Sudan.
A study has found that 40 percent of IT security professionals weren't sure if their organizations were compliant with laws governing mobile data.
There are a number of organizations out there that ask for — and often receive — access to data on both successful and unsuccessful attacks on your technology infrastructure.
In order to achieve implementation throughout the various units of a business, a chief compliance officer must be put in charge of coordinating the security pros running the network to the managers all the way up to the boardroom.
Unfortunately, data security and regulatory compliance requirements do not evaporate in the public cloud, says Vormetric's Ashvin Kamaraju.
As interest in the public cloud remains strong, a security expert makes sense of new recommendations for securing payment card data in those environments.
Sportswear retailer Genesco is suing Visa after the credit card company imposed more than $13 million in fines.
When it comes to credit card fraud, the hospitality industry has offered an attractive target for cyber criminals. Now, one trade group is helping these properties overcome security and compliance hurdles with a new framework.
Lawmakers have begun debate on the controversial threat information-sharing bill known as CISPA, which would complement the president's cyber security executive order. But it has a host of privacy objections to clear first.
The Payment Card Industry Security Standards Council (PCI SSC) released recommendations for card data security and compliance in cloud environments.
Depending on an organization's size, managing the attack surface isn't as simple as checking items off a list.
The council charged with administering the PCI standard has documented common vulnerabilities in online payment environment and offered suggestions for installing technology to deter threats.
Bryant Bell, senior product marketing manager of Guidance Software, sits with SC Magazine reporter, Danielle Walker, to discuss some of the benefits of having legal counsel in the security industry.
January is a good time to plan. It's the start of a new year and those things that seemed so far away in December are suddenly right around the corner.
The Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security rules undergo their biggest changes since the legislation was passed in 1996.
It's time for an anthropological approach that protects users based upon enablement, not disablement.
A highly regulated debt collector from the U.K. needed to achieve compliance, but it wanted to scrap all of the point solutions on which it traditionally relied.
Compliance brings with it the stigma of cost, complexity and confusion, but viewing it from a risk point-of-view may help make it more tolerable.
We all know what we spend internally, but how do we get reliable, timely information for comparison purposes?
The Center for Copyright Information attributes the push back to Hurricane Sandy-related testing delays.
The PCI Security Standards Council, the body that manages payment security industries guidelines, on Friday released a methodology for meeting a risk management requirement included in the standard.
A South Carolina attorney has amended a lawsuit to include compliance assessor Trustwave as a defendant, opening the door to whether a security provider can be held liable for a breach at a customer's site.
At SC Magazine's Chicago security conference, professionals from various industries aimed to simplify strategies for tackling security guidelines and regulations.
Video game players are used to fending off alien invaders, but the IT staff at Electronic Arts (EA) was challenged to reduce cyber risk within its own environment.
At a recent SC Magazine Rountable, information security and compliance professionals discussed how changes in technology are leading to an evolution in their roles.
Policies form the cornerstone of the information security program and are instrumental for enforcing global consistency, driving change and launching enterprise programs.
In a major victory for organizations that have sustained massive losses due to unauthorized transactions made by hackers, an appellate court has ruled in favor of a Maine construction company against its bank.
Global companies facing a slew of regional laws, as well as small and midsized companies required to meet regulatory demands, need governance, risk and compliance solutions.
In 1854, an English physician was one of the first to use an epidemiological method to ID disease risk. Ben Sapiro of the Dominion of General Insurance Co. wants his peers to do the same with security.
Sign up to our newsletters
SC Magazine Articles
- Zero-day in Fiat Chrysler feature allows remote control of vehicles
- 'GSMem' malware designed to infiltrate air-gapped computers, steal data
- United reportedly hacked by same group that breached Anthem, OPM
- All smartwatches are vulnerable to attack, finds study
- Security concerns raised at Windows 10 roll-out
- Report delves into RAT videos on YouTube
- Tor Project, Library Freedom Project to establish Tor exit nodes in libraries
- PagerDuty requires password change for all customers following breach
- Cisco: Attackers innovating, evading defenses in first half of 2015
- Does Windows 10 Wi-Fi Sense spell end of private wireless networks?