If you reviewed the impact of the PCI DSS 3.0 changes on your organization two years ago, you might recall a set of requirements marked “Requirement X is a best practice until June 30, 2015, after which it becomes a requirement.” If your response was “Oh, good, we can handle that later!” you may be realizing that “later” is about to arrive!
When the PCI SSC released the final PCI DSS 3.0 standard in November 2013, they realized that five particular requirement modifications would have an outsized impact on organizations. They provided merchants and service providers with a 20-month grace period to slowly adapt to those changes. Let’s take a look at the five optional requirements that are about to become mandatory and their impact on your organization.
Published April 30, 2015 on SearchSecurity.com
Web browsers are a primary vector for malware attacks that jeopardize network security. These attacks threaten the confidentiality, integrity, and availability of sensitive information. Browser isolation technology mitigates the risk of malware infection by separating the browser from the user and creating a safe browsing environment.
Malware Isolation for Dummies, Published April 2015 by John Wiley and Sons
I had the privilege of spending an hour with the Internet2 NET+ team today sharing some of the lessons we’ve learned during Notre Dame’s cloud journey.
Malware is perhaps the most dangerous threat to the security of the average computer system. Research by Microsoft recently estimated that 17.8% of computers worldwide were infected by malware during a three-month period. That is an astonishing number that underscores the real and present danger posed by malicious software on the modern Internet.
Information technology professionals must educate themselves about the risks posed by malware and use that knowledge to defend their organizations against the malware threat. In this article, we provide background information on malware and describe ways that you can create a defense-in-depth approach to protecting your computing assets.
Read More: Malware Exposed
Published April 5, 2015 in Certification Magazine
Vulnerability scanning plays a critical role in the information security program of any educational institution. Conducting regular security scans ensures that administrators remain aware of the state of security on their networks and allows them to quickly remediate vulnerabilities before an attacker exploits them.
Conducting vulnerability scans consumes network bandwidth and ties up resources on the systems being scanned. In the worst case, these scans may inadvertently result in system outages or other operational issues. IT staff preparing to scan campus networks should follow a set of best practices to protect the integrity of their institution’s information systems. In this article, I offer four tips on operating a safe and effective vulnerability scanning program.
Read More: Tech Tips: Running a Vulnerability Scan
Published March 17, 2015 in EdTech Magazine
Apple Pay, the recently released mobile payment system on Apple’s iPhone 6, is making waves in the security community and being praised for the attention it provides to securing credit card transactions. Tokenization, the technology underpinning Apple Pay’s security model, is not new, but Apple Pay may provide the impetus for this technology to go mainstream.
From the consumer’s perspective, Apple Pay is an ideal way to conduct a transaction with a merchant because it preserves the consumer’s privacy during the transaction. During a normal credit card transaction, the merchant reads the consumer’s name and credit card number from the magnetic stripe on the back of the card. During an Apple Pay transaction, the merchant receives only an anonymized one-time-use code that facilitates the transaction.
Published March 8, 2015 on SearchSecurity.com
Over the past few years, security professionals around the world have undertaken projects to convert their enterprise firewalls to the latest technology – next generation firewalls (NGFW). These systems leveled up firewall technology by providing the firewall with more information – data that provided context about applications and users and allowed the firewall to make more intelligent decisions about network access. It’s now time for intrusion prevention systems (IPS) to make that same leap.
The newest intrusion prevention technology, next generation IPS (NGIPS), is able to incorporate new data sources that dramatically improve the IPS’s ability to protect networks against attack. With these systems, you can incorporate information about your network and applications into your intrusion prevention strategy to build more robust defenses for your organization’s network.
Read more: Context-Aware Intrusion Prevention
Published March 4, 2015 in BizTech Magazine
Legal teams have long played an important role in information security and compliance programs. The expertise that attorneys bring to the table complements the technical subject matter expertise of IT professionals and, when working toward a common purpose, contributes to a well-rounded IT risk management program. In this tip, I look at three different ways that legal teams can contribute to information security efforts in enterprises of all sizes.
Legal departments often find themselves thrust into the middle of enterprise risk management programs for two reasons. First, they are normally privy to many of the sensitive risks facing different areas of the business. Second, many organizational risks are legal in nature, requiring the expertise of an attorney to assist in interpreting laws and regulations and to estimate the impact on the organization should a violation arise.
Published February 27, 2015 on SearchSecurity.com
In the spring of 2014, hackers penetrated the systems of Community Health Systems (CHS), a network of 206 hospitals located across the United States. They made off with sensitive personally identifiable information from over 4 million patients, including names, Social Security numbers, birthdates and employment information.
What happened at Community Health Systems? What can enterprises learn from the breach? This tip looks at the lessons you can extract from the CHS breach to protect your organization’s health information and keep HIPAA regulators at bay.
Read the full story: What the Community Health Systems Breach Can Teach Your Organization
Published February 19, 2015 on SearchSecurity.com
Is your agency prepared for the next revolution in wireless networking? The traditional wireless networks that served agencies well for the past decade are quickly becoming outdated relics in desperate need of upgrading. Today’s mobile user requires ubiquitous high-bandwidth connections throughout an agency’s facilities.
The advent of 802.11ac wireless networking promises to fill that demand by tripling the speed of existing 802.11n networks. Technology advances over the next few years promise to further increase 802.11ac speed by a factor of four until the technology provides 6Gbps wireless connections, compared to today’s 0.5Gbps maximum. 802.11ac achieves this benefit by leveraging several technical enhancements, including the use of the 5 GHz radio spectrum.
Read More: Preparing for 802.11ac
Published February 13, 2015 in FedTech Magazine
Mike is an IT leader, information security professional, author, speaker and trainer with over fifteen years of experience in the field.