Bringing ERM to PCI: PCI-DSS Risk Assessment Guidelines

In mid-November, the PCI Security Standards Council released its Risk Assessment Guidelines as a supplement to the PCI Data Security Standard (PCI-DSS). Expanding on the requirements outlined in section 12.1.2 of the PCI-DSS, the new document provides further guidance on the techniques and methods organizations should consider when addressing this requirement of the standard. Checking the box on “Do you have a risk management program?” will not be as simple as before.

Payment Security Predictions for 2012 – Part One

Our team thought it would be interesting to make a few predictions for the upcoming year related to payment security. Some (unfortunately) don’t require a crystal ball, but for many others, the decrypted answer from our secure Magic 8 Ball is probably “outlook not so clear”. I’ll offer five we feel pretty confident about this week, and another five in our next post.

Built-In Data Discovery and Classification = “Awesomesauce”

In case you missed it last week, VMware announced their latest version of vShield App with Data Security, which has RSA’s DLP technology embedded to help discover and classify sensitive data in virtual machines. One of the key points here is that data discovery and classification capabilities are now built into the virtual infrastructure, making the virtual infrastructure content-aware for the first time. So you may ask, what’s the big deal about being built-in instead of bolted-on?

Securing Personal Information in the Hospitality Industry

Staying at the Venetian/Palazzo in Las Vegas last week for EMC World, I was struck by the amount of personal information they must be managing for the guests in their 7,000 suites. Even with repeat guests, they could well average 10 individuals per week per suite, well into the millions of guests per year. And…

Reducing PCI Scope With Tokenization

Even before the recent PCI Community meeting, one of the most frequent questions I’ve been asked is about how tokenization reduces PCI scope. Actually, it is usually a merchant asking specifically about how tokenization helps them reduce PCI scope. I will share three ways that using tokens helps a merchant deal with the costs of PCI.

What’s stopping DLP deployment in Europe?

…corporate secrets comprise two-thirds of the value of a firm’s information portfolio. Despite increasing mandates, custodial data assets aren’t the most valuable in an enterprise. Proprietary knowledge or secrets are twice as valuable as custodial data, and it’s corporate secrets that help organizations generate revenue, increase profit and maintain a competitive edge. On the other hand, custodial data is what is typically entrusted to an organization to protect, and regulatory mandates apply to this type of data.