October 15, 2009  5:07 PM

End-To-End Encryption - Wouldn’t It Be Nice?

Posted by: Arian Eigen Heald
Data Breaches, data security, information security, PCI

Since Heartland suffered a data breach (disclosed in January), they've become the poster child for end-to-end encryption. This is defined as encrypting card information from the moment it's swiped until it reaches the card issuer. Of course, there may be some motivation provided by the fact that...

August 20, 2009  3:42 PM

Points to Ponder: Reviewing the “SoupNazi” Activities

Posted by: Arian Eigen Heald
Admins and Auditors, Data Breaches, information security, PCI

By now I'm sure you've heard that Albert Gonzalez is being charged with the attacks on Hannaford, Heartland, 7-Eleven, etc. In between all the excited reporting are some points that admins and auditors ought to pay attention to. We ought to ponder how this attack is different from attacks in the...

June 30, 2009  5:12 PM

MasterCard Ups the Compliance Quality of PCI DSS

Posted by: Arian Eigen Heald
Compliance, PCI, PCI DSS

I've written before about how the Payment Card Industry's (PCI) Data Security Standard (DSS) has some loopholes that make it easy to look "compliant" and therefore "secure." In order to comply with the DSS requirements, merchants can do one of three options: 1. their own self-assessment report...

June 26, 2009  2:03 PM

The Tangled Ethics of the Payment Card Industry DSS

Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, information security, PCI

I just finished reading an absolutely terrific article from a sister auditor who is now on my short-list of must-reads. She's got a great name (Gunn) and a killer sense of humor (sorry, I could NOT resist).

June 11, 2009  2:50 PM

Storm Clouds Ahead

Posted by: Arian Eigen Heald
Admins and Auditors, cloud computing, Cloud Security, PCI, Privacy

It seems like every big vendor is pushing for business to "use the cloud." Only now are we starting to see some questions arise in the general media about how secure cloud computing is. The short answer is: it's not. Intrinsically, whoever has physical ownership of your hardware has your data....

