Regulatory Reality:

cyber security


August 21, 2012  2:21 PM

Has PayPal lost its collective mind?



Posted by: David Schneier
checking account, checks, credit, credit card, cyber security, data security, hack, hacker, hackers, hacking, identify theft, identity management, identity theft, information security, NPPI, password, password theft, phish, phishing, PII, privacy, regulation, regulations

I'm not much of a shopper. I decide what it is I need/want to buy, assess the marketplace to determine quality and price, and once I have a generally strong sense for both, make a decision and move forward. My wife, on the other hand, loves the constant trolling, scouring and scouting of just...

July 29, 2012  6:39 PM

Credit Card Breaches: The times they need a changin’



Posted by: David Schneier
ATM, bank, banking, banks, breach, checking account, community bank, credit, credit card, cyber security, data security, evidence, financial institutions, hack, hacker, hackers, hacking, id theft, identity theft, information security, network, oversight, PCI, personally identifiable information, PII, regulation, regulations, Security, security breach, theft

If my blogging about credit card breaches has a bit of a deja vu feel to it you're not crazy, I last touched on it less than six months ago.  Sadly I was handed a new update this week in the form of my bank card being cancelled from right out underneath me again.   For those of you keeping score...


June 17, 2010  3:36 PM

Should it be this easy to bypass network security?



Posted by: David Schneier
cyber security, firewall, information security, network, penetration test, penetration testing, Regulatory Compliance, vulnerability

A few weeks back, I went online to pay my cable bill.  There's a long story behind the struggles I've had in doing so since becoming a customer, but I'll save that for another time.   Part of the longer story, though, involves my bookmarking the sign-on page where I can access my account and make...


April 8, 2010  2:24 PM

Online identify theft: One victim’s story



Posted by: David Schneier
cyber security, id theft, information security, password, password theft, phish, phishing, Regulatory Compliance, scam, Security, security awareness

Last month I blogged about a phishing attempt that landed in my inbox.  The email account belonged to someone named Rebecca Keen who I had never heard of before (or so I believed at the time).  As I was finishing writing that post, I received a follow-up email from the same person indicating...


December 11, 2009  5:29 AM

Security threats: Old news isn’t good news



Posted by: David Schneier
Audit, compliance, cyber security, Regulatory Compliance, Security, threats

I just finished reading through the most recent report from Verizon Business, which offers a deeper dive into the most common security breaches identified during 2008 and quite frankly, I’m concerned.  Turns out that there’s very little new to worry about beyond what we...


July 17, 2009  1:58 PM

Does compliance equate to secure?



Posted by: David Schneier
Audit, compliance, cyber security, FFIEC, GLBA, PCI, regulations, Regulatory Compliance, Security, SOX

Despite earning a living in the space, I often question the value of regulatory compliance.

How is it that a business can be PCI-compliant but still have glaring vulnerabilities?  How is it that despite layer upon layer of controls...


July 8, 2009  3:45 PM

How’s about a federally mandated Information Security Assessment?



Posted by: David Schneier
Audit, compliance, cyber security, FERC cyber security, GLBA, NERC, Regulatory Compliance, SOX

I had a eureka moment recently that I’d like to share.

In considering the implications of the recently announced changes by MasterCard that will now require PCI Level 2 merchants to be assessed by a Qualified Security Assessor (QSA) it occurred to me...

