The twelve PCI DSS requirements are some of the most well-known compliance points for companies that interact with customer payment data during the course of normal business practices. Meeting compliance standards can often be a time-consuming and challenging task for organizations. Below, we detail four heavy-hitting wins that help set a PCI deployment up for future success.
Defining (or Redefining) the Scope
The PCI scope encompasses any device or host on an enterprise network that comes into contact with cardholder data. Depending on the size of the organization’s network, the scoping of the PCI environment could be a relatively…
Author: ISBuzz Team
Secure payment technology start-up ScramCard raises seven-figure private investment to fund international growth and expansion in the USA, UK and Australia
ScramCard, a secure payments and identity protection solution provider, has secured a seven-figure private investment from Stewart Milne CBE, Chairman of the Aberdeen-based Stewart Milne Group, and Chairman of Aberdeen Football Club. ScramCard provides a viable and convenient alternative to less secure contactless and Chip and PIN card payment methods, one that makes shopping online, in-store or remotely more secure. Founded by Simon Hewitt, a former Chief Security Officer with over 30 years of international experience in information security…
Unfortunately and unsurprisingly, website breaches have become an everyday occurrence. In fact, hacked websites have become so common that typically only the biggest data breaches capture enough attention to make headlines. Experts have known this eventuality was coming and honestly, the prediction was easy. All one had to do was look at the pervasiveness of web use in modern society, the amount of data and money being exchanged online and read any industry report about the volume of vulnerabilities exposed on the average website. With this information in hand, the final magic ingredient is a motivated adversary willing to take…
Bill Berutti of BMC Software offers his opinion on how retailers must prepare for possible outages and cyber attacks, and on the challenges that lie ahead for the CIO specifically during this challenging weekend. Retailers are gearing up for the biggest shopping days of the year – Black Friday and Cyber Monday – with online sales expected to hit £966 million in the UK, €188 million in France and €332 million in Germany, according to RetailMeNot. With such a high volume of demand, many retailers have had to swiftly upgrade their e-commerce offerings to prepare for possible outages.
Bill Berutti, President…
A second security issue has been found in Dell devices. The new problem – similar to the first – could leave users’ personal information vulnerable, researchers backed by the US government said. Dell said it had again released a fix, after doing the same for the first problem earlier this week. In response to this news, security experts from Rapid7, Certivox and Tripwire have the following comments.
Craig Young, Security Researcher at Tripwire: Craig Young has come up with a simple test for the eDellRoot certificate. When clicking on the following link, if your system is secure you…
Major customer data breach due to malware in their POS system, and many other high-profile hotel breaches recently (Starwood, Trump Hotels) – where are the hotels going wrong? This week also saw the discovery of one of the most sophisticated pieces of retail PoS malware ever, ModPos, just in time for the holiday shopping season. Are we likely to see more PoS breaches in the coming days and weeks? What can businesses and consumers do to protect themselves? Security experts from Proofpoint, Voltage, and Tripwire have the following comments.
Mark Bower, Global Director of Product Management, Enterprise Data…
San Jose, Calif., city officials confirmed a distributed denial of service (DDoS) attack on the San Jose Police Department website and possibly other IT assets, making services unavailable to users. According to reports, the attack began as early as last Thursday, Nov. 5, and was said to be resolved early this week. As a San Jose PD spokesperson acknowledged, this attack is part of a growing trend of cyber-based attacks that continue to increase. Imperva issued the following commentary and advice that other government agencies and organizations of all types can take from this event. DDoS expert Tim Matthews, vice…
The number of data breaches that have happened since 2005 is larger than most people realize. With dozens happening every year and increasing in frequency from year to year, this has been a huge problem for corporations for over a decade. Companies like Target, Anthem, and Living Social lose millions of customers’ data every time it happens. This big data full of personal information is a goldmine for hackers who want to commit identity theft. If data breaches are so serious, it’s hard to imagine that better protection hasn’t become available. Unfortunately, a number of factors come into play when…
Provider advises that without correct practices, DR technology can be money down the drain
Without proper practices in place behind them, even the most sophisticated disaster recovery solutions could prove to be unfit for purpose, according to disaster recovery (DR) specialists Databarracks. Peter Groucutt, managing director at Databarracks, comments: “Business continuity is the responsibility of the entire business, whereas disaster recovery usually relates specifically to IT. IT teams have been guilty in the past of thinking about disaster recovery purely in terms of the technologies they use but that’s only half the story. The industry has progressed rapidly over the…
Unique local cyber-attacks and international cooperation with criminal groups in Eastern Europe, unsound government security and vague legislation, theft of money and private data, direct offensive ops on local victims and criminal-to-criminal services. For the first time Kaspersky Lab shares its intelligence on the human side of underground cyber-criminal activity. The first report in the Cyber Underground series reveals the hidden life of cyber-criminals in Brazil, a country ranked among the most dangerous for digital citizens.
Biting the hand that feeds
Unlike cyber-criminals in other countries, who in general do not respect borders and operate globally, Brazilian cyber-criminals are focused…