Sister CISA CISSP:

June, 2009

June 30, 2009  5:12 PM

MasterCard Ups the Compliance Quality of PCI DSS



Posted by: Arian Eigen Heald
Compliance, PCI, PCI DSS

I've written before about how the Payment Card Industry's (PCI) Data Security Standard (DSS) has some loopholes that make it easy to look "compliant" and therefore "secure." In order to comply with the DSS requirements, merchants can do one of three options: 1. their own self-assessment report...

June 29, 2009  8:19 PM

Remember the Lowest Common Denominator



Posted by: Arian Eigen Heald
Incident Response, IRT, Physical Security

I recently attended a seminar at a well known southwestern school on building an Incident Response Team. During the discussion about Team membership, management oversight of the Team and related responsibilities, I noticed that the membership of the Team and the Oversight Committee was lacking...


June 26, 2009  2:03 PM

The Tangled Ethics of the Payment Card Industry DSS



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, information security, PCI

I just finished reading an absolutely terrific article from a sister auditor who is now on my short-list of must-reads. She's got a great name (Gunn) and a killer sense of humor (sorry, I could NOT resist).


June 22, 2009  5:32 PM

Google Thyself



Posted by: Arian Eigen Heald
Google hacking, Identity theft, Privacy, privacy on the web

I have a series of Google Alerts set up to alert me daily on such interesting topics as data theft, data breach, etc., etc., and I have one set up for my full name, or any two parts thereof. I have, as it happens, a very unique name, and should someone...


June 19, 2009  2:05 PM

ATMs that just spit out money – Nice!



Posted by: Arian Eigen Heald
ATM Security, Automatic Theft Machines, Data Breaches

As you may know, one of my favorite posting topics has to do with ATMs. I call them Automatic Theft Machines because there are way too many stories of equipment being hacked, and/or swiping hardware being installed, or people just driving away with them. Well, along comes


June 15, 2009  12:23 PM

Web Bugs and Email



Posted by: Arian Eigen Heald
HTML email security, information security, Privacy, privacy on the web, web bugs

I'm a big advocate of disabling HTML in email messages. The marketing people scream because they can't run their pretty code to sell products and convey appealing images. Other folks love being able to use those nice fonts you can't use with Rich Text for signatures. But a pretty face can't...


June 11, 2009  2:50 PM

Storm Clouds Ahead



Posted by: Arian Eigen Heald
Admins and Auditors, cloud computing, Cloud Security, PCI, Privacy

It seems like every big vendor is pushing for business to "use the cloud." Only now are we starting to see some questions arise in the general media about how secure cloud computing is. The short answer is: it's not. Intrinsically, whoever has physical ownership of your hardware has your data....


June 3, 2009  3:36 PM

Web Bugs and Web Privacy



Posted by: Arian Eigen Heald
information security, Privacy, web bugs

A study just released by the University of California at Berkeley details just how much big business uses web tracking, and how little they appear to care about the privacy of users. This really is not new information....

