August 20, 2009 3:42 PM
Posted by: Arian Eigen Heald
Admins and Auditors,
Data Breaches,
information security,
PCI
By now I'm sure you've heard that Albert Gonzalez is being charged with the attacks on Hannaford, Heartland, 7-Eleven, etc. In between all the excited reporting are some points that admins and auditors ought to pay attention to. We ought to ponder how this attack is different from attacks in the...
June 30, 2009 5:12 PM
Posted by: Arian Eigen Heald
Compliance,
PCI,
PCI DSS
I've written before about how the Payment Card Industry's (PCI) Data Security Standard (DSS) has some loopholes that make it easy to look "compliant" and therefore "secure." In order to comply with the DSS requirements, merchants can choose one of three options:
1. their own self-assessment report...
June 26, 2009 2:03 PM
Posted by: Arian Eigen Heald
Admins and Auditors,
Compliance,
information security,
PCI
I just finished reading an absolutely terrific article from a sister auditor who is now on my short-list of must-reads. She's got a great name (Gunn) and a killer sense of humor (sorry, I could NOT resist).
June 11, 2009 2:50 PM
Posted by: Arian Eigen Heald
Admins and Auditors,
cloud computing,
Cloud Security,
PCI,
Privacy
It seems like every big vendor is pushing for business to "use the cloud." Only now are we starting to see some questions arise in the general media about how secure cloud computing is.
The short answer is: it's not. Intrinsically, whoever has physical ownership of your hardware has your data....