PCI

Bringing ERM to PCI: PCI-DSS Risk Assessment Guidelines

In mid-November, the PCI Security Standards Council released its Risk Assessment Guidelines as a supplement to the PCI Data Security Standard (PCI-DSS). Expanding on the requirements outlined in section 12.1.2 of the PCI-DSS, the new document provides further guidance on the techniques and methods organizations should consider when addressing this requirement of the standard. Checking the box on “Do you have a risk management program?” will not be as simple as before.

Don’t Just Tokenize Your PCI Data…PII and PHI Can Be Perfect Candidates Too!

People tend to associate tokenization with payment card data, debit and credit card numbers. And while this has been the main use case for the technology, this is not the only use case.

Learning to cook – Bake a Trusted Cloud Part 2

Proving that the physical and virtual infrastructure of the cloud can be trusted can be prohibitively difficult, especially when it comes to cloud services from external service providers. Verifying secure conditions in the foundations of the cloud is important for a simple reason: if organizations can’t trust the safety of their computing infrastructure, the security of all the information, applications and services running on top of it falls into doubt.

Time to Push the Reset Button?

Payment security is back in the public eye with the recent disclosure of a cardholder data breach at a leading US payment processor. While initial reaction to this latest incident has been unfortunately predictable, characterized by plenty of uninformed speculation, outrage, and a general lack of understanding of the workings of the payments industry, the story that is ultimately written about this latest incident might be one that is completely unexpected.

Payment Security Predictions for 2012 – Part Two

In our last post, we made some pretty safe predictions about how the payment security landscape will evolve this year. Now let’s make a few more daring predictions about what might happen in the coming months:

Payment Security Predictions for 2012 – Part One

Our team thought it would be interesting to make a few predictions for the upcoming year related to payment security. Some (unfortunately) don’t require a crystal ball, but for many others, the decrypted answer from our secure Magic 8 Ball is probably “outlook not so clear”. I’ll offer five we feel pretty confident about this week, and another five in our next post.

Ghosts of Compromises Past

In the past several weeks, I have read two recent data breach accounts that suggest that many retailers may need their own visits from the ghosts of the past to realize that they need to change their ways.

Tokenization: An Alternative Form of Data Protection – Podcast #232

Host Michelle Adams-Dixon talks with Liz Robinson, Senior Product Marketing Manager for RSA, about tokenization, an up-and-coming alternative to more traditional means of data protection.