Compliance with information security regulations is supposed to be, as the most recent iteration of the PCI DSS (Payment Card Industry Data Security Standard) puts it, "business as usual."
Taylor Armerding | 21 Mar | Read more
Don't expect credit card security – or lack of it – to be magically transformed when the new year dawns on Jan. 1, 2015, the deadline for compliance with the Payment Card Industry Data Security Standard (PCI DSS) 3.0.
Taylor Armerding | 22 Aug | Read more
IT, security and compliance experts discuss the biggest issues facing companies these days -- and what steps organizations can take to minimize potential regulatory compliance risks and security threats.
Jennifer Lonoff Schiff | 18 Sep | Read more
If you think the phrase "It's in the cloud" means that your data resides on the Internet and is thus accessible everywhere equally, think again. Most infrastructure-as-a-service (IaaS) cloud services share the same residence model as traditional hosting and outsourcing deployments -- they live in specific data centers in specific geographies. This means that customer data is generated and most likely stored in this physical location, giving it legal and privacy implications.
James Staten | 19 Apr | Read more
There is no doubt that cloud computing is dominating today's IT conversation among C-level security executives. Whether it's due to the compelling cost saving possibilities in a tough economy, or because of perceived advantages in provisioning flexibility, auto-scaling, and on-demand computing, CSOs are probing the capabilities, costs and restrictions of the cloud. At the same time, security and compliance concerns are at the forefront of issues potentially holding large enterprises back from capitalizing on the benefits that cloud computing has to offer.
Jim Hietala | 07 Jan | Read more
Have you noticed that many of the firms suffering high profile, serious, and expensive information security breaches have nonetheless been 'compliant' with certain laws, regulations, or standards? Consider the case of credit card processor Heartland Payment Systems, which recently suffered the unauthorized disclosure of over 100 million credit card and debit card transactions. The firm handles the transactions of over 175,000 merchants. Hundreds of banks have already had to reissue cards as a result of the breach. Note that Heartland was, at the time, certified as fully Payment Card Industry (PCI) compliant. Many other organizations that fall under various Federal, state, and industry regulations are continually experiencing breaches as well.
Charles Cresson Wood and Kevin Beaver | 06 Aug | Read more