Why cyber security is important in 2013

Today, more than at any time in the past, we are committed to using the Internet for almost all our business and social needs. Never before have we been so interconnected on such a global scale. Whilst on the one hand this has been enabling and super convenient, it has on the other hand exposed us to the risk of fraud or other forms of malicious use of our computer systems on a scale previously unheard of. There have been numerous surveys and reports... [Read More...]

Government IT & Cyber Security Compliance & Regulation Not Enough – The Case for Effective Risk Management

Balancing Government compliance, regulation and security initiatives while helping define and drive your priorities and timelines to manage what can be enormous investments – risk management practices and principles supporting today’s information rich, connected, online present organizations. I am amazed at the number of organizations that continue to take either a lax, or too narrow approach in protecting information assets. I am certain... [Read More...]

Managing Your PCI Audit (Part 2)

Welcome back to our Managing Your PCI Audit & Compliance Blog!

By Michael Nelson – PCI Practice Manager

See here for Managing your PCI Audit & Compliance blog part 1

By now your organization has chosen a Qualified Security Assessor (QSA) who will be performing PCI compliance assessments, but now when do you schedule the on-site visit for the QSA? The answer is simple: once the organization is prepared. As discussed prior in Managing Your... [Read More...]

Preparing for the FACTA Red Flags Rule

Perhaps you have heard about new regulations that the Federal Trade Commission (FTC) has proposed for some time now called the Red Flags Rule.  The Red Flags Rule stems from The Fair and Accurate Credit Transaction Act of 2003 (FACTA).  As of this writing the mandate will be enforced beginning November 1, 2009. FACTA added sections to the Federal Fair Credit Reporting Act intended primarily to help consumers fight the growing crime of identity theft.... [Read More...]

Managing Your PCI Audit (Part 1)

Managing Your PCI Audit & Compliance Blog!

By Michael Nelson – PCI Practice Manager

PCI DSS compliance has now become a household name for security and IT departments worldwide, potentially having significant impact on those organizations that store or process credit cards. According to the PCI Security Standards Council “All merchants, whether small or large, need to be PCI compliant.” While the security requirements are the same for all... [Read More...]

There Is No Perimeter

Last week I mentioned the myth of the “network perimeter” and alluded to the futility of trying to secure it, and I wanted to expand on that theme a little more. I frequently find myself working with IT staff that have a mentality of “us vs. them” or “inside the perimeter vs. outside the perimeter” concept of security. I strongly believe that there needs to be a paradigm shift in thinking from the perimeter-based view to one of embedding... [Read More...]

Your Network Is Less Secure Than the Internet!

I frequently have conversations with clients who struggle to understand the need for security controls on internal infrastructure, or why the mandates of certain regulations are important. I often get blank looks and phrases like “but it’s behind our firewall” or “that’s not reachable from the Internet”. There is a pervasive, and fallacious, belief that the Internet is some sort of wild Middle Ages-like kingdom full of marauding Huns and... [Read More...]

Who’s responsible for the costs of credit card theft?

A recent article in Information Week briefly discusses last week’s reversal by a federal appeals court of a lower court’s order that credit card processor Fifth Third Bancorp did not have to pay for new credit cards for some cardholders whose data was stolen during a 2004 hacking incident at BJ’s Wholesale Club. The suit was originally brought by the Pennsylvania State Employees Credit Union. Essentially it goes like this. In 2004 BJ’s Wholesale... [Read More...]