In mid-November, the PCI Security Standards Council released its Risk Assessment Guidelines as a supplement to the PCI Data Security Standard (PCI-DSS). Expanding on the requirements outlined in section 12.1.2 of the PCI-DSS, the new document provides further guidance on the techniques and methods organizations should consider when addressing this requirement of the standard. Checking the box on “Do you have a risk management program?” will not be as simple as before.
The fallout from the news of the Global Payments breach may be just subsiding, but one thing can already be said – this probably isn’t the last processor that will be breached.
Our team thought it would be interesting to make a few predictions for the upcoming year related to payment security. Some (unfortunately) don’t require a crystal ball, but for many others, the decrypted answer from our secure Magic 8 Ball is probably “outlook not so clear”. I’ll offer five we feel pretty confident about this week, and another five in our next post.
In case you missed it last week, VMware announced their latest version of vShield App with Data Security, which has RSA’s DLP technology embedded to help discover and classify sensitive data in virtual machines. One of the key points here is that data discovery and classification capabilities are now built into the virtual infrastructure, making the virtual infrastructure content-aware for the first time. So you may ask, what’s the big deal about being built-in instead of bolted-on?
Staying at the Venetian/Palazzo in Las Vegas last week for EMC World, I was struck by the amount of personal information they must be managing for the guests in their 7,000 suites. Even with repeat guests, they could well average 10 individuals per week per suite, well into the millions of guests per year. And [...]
Let’s use the RSA Conference as a starting point for changing our thinking in 2011
Five years from now, I think we will look back at 2010 as the beginning of a revolution in the way merchants interact with credit card data.
Even before the recent PCI Community meeting, one of the most frequent questions I’ve been asked is about how tokenization reduces PCI scope. Actually, it is usually a merchant asking specifically about how tokenization helps them reduce PCI scope. I will share three ways that using tokens helps a merchant deal with the costs of PCI.
…corporate secrets comprise two-thirds of the value of a firm’s information portfolios. Despite increasing mandates, custodial data assets aren’t the most valuable in an enterprise. Proprietary knowledge or secrets are twice as valuable as custodial data, and it’s corporate secrets that help organizations generate revenue, increase profit and maintain a competitive edge. On the other hand, custodial data is what is typically entrusted to an organization to protect, and regulatory mandates apply to this type of data.