Compliance: 10 most recent
PCI Sample Encryption Key Management Documentation (Compliance)
Here is a sample set of encryption key management procedures for a fictitious application. These can be used as a guide to create encryption key management documentation for other applications that would be compliant with PCI DSS requirement 3.6.
SOX, Lies and Security Matters (Compliance)
When it comes to compliance, it’s fairly easy to find out what companies need to do to achieve it. But it’s much harder for companies to find out how they should go about it.
Application Security Matters: Deploying Enterprise Software Securely (Compliance)
This laundry list of security requirements is a lot to think about for every application deployment, but vigilance in this area can drastically improve an organization’s security posture. The requirements can be put into a standardized template, and at the end of the process each requirement should have a mark for pass, fail, or perhaps not applicable. Anything marked as a failure should be noted and can be escalated or accepted as a risk.
Payment Card Industry Mandate Stresses Importance of Web Application Security: Recommended Becomes Required (Compliance)
On June 30, another refresh of the Payment Card Industry (PCI) Data Security Standards (PCI DSS) will upgrade Web application security testing from a best practice to a mandatory practice. The deadline forces merchants and vendors to take a closer look at application-layer security and emphasizes its importance in fighting increasing online threats.
Change and Configuration Solutions Aid PCI Auditors (Compliance)
Managers responsible for IT compliance need to understand that credit card companies hold merchants accountable not only for protecting stored consumer data, but also for securing the network transport layer and for maintaining ongoing processes that validate compliance. Because network devices are changed and reconfigured constantly, it is nearly impossible to determine exactly when a device actually becomes non-compliant. PCI auditors are on the lookout not only for non-compliant devices, but also for a well-thought-out security process that is currently implemented, tracked and well documented. This is where an automated change and configuration management system can really assist.
PCI DSS Compliance: A Difficult But Necessary Journey (Compliance)
The need to comply with the Payment Card Industry Data Security Standard (PCI DSS) has been a rude wake-up call for thousands of companies that believed their networks were secure and safe from security breaches.
Log Management in PCI Compliance (Compliance)
The importance of effective and efficient log data management in payment networks cannot be overemphasized. In fact, the result of data mismanagement can be devastating.
Designing a PCI-Compliant Log Monitoring System (Compliance)
Log monitoring activities are an integral part of Requirement 10 of the PCI Data Security Standard and it can be difficult to understand how the different logging portions of Requirement 10 interrelate. Despite this fact, some organizations are seeking to redesign their PCI logging environment in order to best accommodate the PCI requirements. In this article we will examine a few key design points for architecting a log monitoring and management system that would be compliant with PCI Requirement 10.
Compliance, IT Security and a Clear Conscience (Compliance)
Organizations today must prove beyond a shadow of a doubt not only that they have a security program in place, but that it is enforced and applied consistently across the organization. Information technology departments play a key role in this endeavor. Shortcomings in IT policies can have potentially serious consequences.
How To Prepare For a Security Information and Event Management Deployment (Compliance)
SIEM (Security Information and Event Management) software takes input logs and alerts from a range of systems (firewalls, routers, anti-malware, servers, etc.) and informs IT teams of unusual occurrences that warrant further investigation. The system also safeguards the data for subsequent audit needs and for compliance-aligned reporting.