Information security personnel are challenged with protecting company reputation and enterprise and customer data from a constant and expanding barrage of cyber criminals.
GRC is at once the biggest pain point (arguably) of most large organizations and the most important task that does not usually get done right.
Version 3.0 of the PCI Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA-DSS) became available today.
One issue with password systems has always been the 'reset' problem: what to do when a user forgets their password.
While already ubiquitous in much of the world, mobile payment options are gaining traction in the United States, reports Stephen Lawton.
So far, one solution, developed by European Payment Services, has been verified under PCI security standards for point-to-point encryption (P2PE) hardware.
In a perfect world, enterprises would know exactly when an auditor is going to show up, the questions they will ask, and data would be presented on a silver platter ready to prove the organization's compliance.
A major area of concern for security personnel these days is how we are able to achieve and maintain compliance with multiple regulatory governing bodies.
Business associates of HIPAA-covered entities are now legally bound to follow the same guidelines when securing patients' protected health information.
The promise of governance, risk and compliance technology is alluring, but getting it to work effectively is a different story, reports Alan Earls.
Robust enterprise security requires more than checking compliance boxes, says Diebold CSO Adam Williams.
There are a few key things every business should consider to truly improve data security.
The latest version of the payment security industry's data safeguarding standard should also include mandates and guidance around risk management, penetration testing and mobile.
Facebook has released its first-ever transparency report, a document breaking down the number of worldwide government requests for data on users. Not surprisingly, the U.S. is far and away the leader.
The council released a highlight of potential new requirements and guidance to the PCI Data Security Standard and Payment Application Data Security Standard, both due out in November.
To effectively mitigate mobile risk, organizations should employ the same content security capabilities, and ideally leverage the same content policies and rules in mobile environments.
The tentative list of incentives would entice companies to participate in the "Cyber Security Framework," a measure that aims to help the nation stave off industrial attacks.
To address today's threats, companies require a high degree of convergent perspective, information expertise, and coordination between personnel and groups.
An upcoming update of a credit card standard offers an opportunity to assess overall security, says Symcor's Della Shea. James Hale reports.
Finding each sensitive document and email in a massively growing data center is near impossible, but finding all of them requires a simpler strategy.
Most companies actually require only a small IT operational team, and can greatly reduce the costs associated with ensuring compliance and security.
According to a Citizen Lab report, security firm Blue Coat also may have violated U.S. sanctions that bar the sale of technologies to countries with a history of human rights grievances, such as Iran, Syria and Sudan.
A study has found that 40 percent of IT security professionals weren't sure if their organizations were compliant with laws governing mobile data.
There are a number of organizations out there that ask for — and often receive — access to data on both successful and unsuccessful attacks on your technology infrastructure.
In order to achieve implementation throughout the various units of a business, a chief compliance officer must be put in charge of coordinating the security pros running the network to the managers all the way up to the boardroom.
Unfortunately, data security and regulatory compliance requirements do not evaporate in the public cloud, says Vormetric's Ashvin Kamaraju.
As interest in the public cloud remains strong, a security expert makes sense of new recommendations for securing payment card data in those environments.
Sportswear retailer Genesco is suing Visa after the credit card company imposed more than $13 million in fines.
When it comes to credit card fraud, the hospitality industry has offered an attractive target for cyber criminals. Now, one trade group is helping these properties overcome security and compliance hurdles with a new framework.
Lawmakers have begun debate on the controversial threat information-sharing bill known as CISPA, which would complement the president's cyber security executive order. But it has a host of privacy objections to clear first.