Bringing ERM to PCI: PCI-DSS Risk Assessment Guidelines

In mid-November, the PCI Security Standards Council released its Risk Assessment Guidelines as a supplement to the PCI Data Security Standard (PCI-DSS). Expanding on the requirements outlined in section 12.1.2 of the PCI-DSS, the new document provides further guidance on the techniques and methods organizations should consider when addressing this requirement of the standard. As…

Safe Online Holiday Shopping Beyond Cyber Monday – Podcast #244

Great deals abound online for holiday shoppers during the hottest time of year where e-commerce merchants are looking to cash in on what is projected to be a US$1.25 billion spending spree just on Cyber Monday alone. Where the money goes, so do cybercriminals who are also looking to make illicit gains of their own…

Emerging Threats and Account Takeover Fraud Needs an Innovative Defense Approach

By Amy Blackshaw, Senior Product Marketing Manager, RSA Identity Protection & Verification

One of the most difficult challenges for financial institutions today is preventing account takeover fraud in the face of advanced Trojans. In fact, the total number of account takeover attempts reported by financial institutions has more than tripled since 2009, according to survey…

Protecting Banking Users from Online Account Takeover – Podcast #243

Amy Blackshaw, Sr. Product Marketing Manager for RSA’s Identity Protection and Verification business talks about the burgeoning issue of Account Takeover fraud of online bank accounts through malware and sophisticated attacks. Amy also discusses new features being introduced in the newest version of the RSA Adaptive Authentication solution to help banks and their customers protect…

’Tis the Season for Online Shopping: Why You Should Give Your Debit Card a Break

Let’s all go and do some on-line shopping!! The holidays are upon us and wouldn’t you know it, the retailers are trying to entice us by moving up their online sales to match or even precede the traditional Black Friday deals. You have to admit, it is pretty convenient to be able to replace the…

Where’s my Data?

According to a recent report by Icomm Technologies, 70% of cloud data centers keep customers in the dark about storage locations. To me that is a pretty scary statistic particularly as organizations are rapidly deploying cloud storage services and there doesn’t seem to be any evidence that organizations that have sensitive or confidential data are…

ISF Congress, Columbus, Apollo 13 and the Security Evolution

Captain’s log: Star date: 11.6.2012 Location: just on the edge of the Illinois galaxy in the Chicago quadrant Subject: Information Security Forum Congress

I am not a Trekkie but I thought this was an apropos beginning for my blog coming out of the 2012 ISF Congress. This is one of my favorite conferences in…

BYOD Checklist Part 2

Here’s the second installment for the BYOD checklist as promised: Ensure end-users are responsible for backing up personal data; Clarify lines of responsibility for device maintenance, support and costs; Require employees to remove apps at the request of the organization; Establish that the company will disable a device’s access to the network if a…

Securing the Mobile Enterprise

We are seeing a fundamental shift in the way IT is consumed, and subsequently secured, and it’s mostly driven by mobile. The recent SBIC report, “Realizing the Mobile Enterprise: Balancing the Risks and Rewards of Consumer Devices,” highlights these shifts. “A huge benefit of mobile devices is the user interface…This is simply how people want…

Keep Calm, Analyze On: The Role of the Analyst in Detecting and Monitoring for Advanced Attacks

I was quoted recently in a piece that was featured in Dark Reading that discussed the idea of monitoring environments to detect persistent adversaries. It was a solid article and I stand behind my contribution especially my comments on the importance that the analyst (not the tools they have or are using – though those…