PCI DSS 3.1 – Managing Migration

It’s nearing a month since the Payment Card Industry Data Security Standard (PCI DSS) 3.0 was officially retired on June 30. PCI DSS 3.1 was swiftly introduced in April 2015 as a response to major security flaws discovered in open source SSL, and the exploits – including Heartbleed, Shellshock and POODLE – that targeted the […]

Securing Government Systems

A new report released today from the software security firm Veracode contained alarming news about the data security practices of many federal agencies. Veracode’s business is auditing the source code of applications for security vulnerabilities. The report documents 208,670 application scans conducted over 18 months for the company’s private and government customers. An analysis of […]

Auditing Systems

A new report released today from the software security firm Veracode contained alarming news about the data security practices of many federal agencies. Veracode’s business is auditing the source code of applications for security vulnerabilities. The report documents 208,670 application scans conducted over 18 months for the company’s private and government customers. An analysis of […]

HIPAA Audits And Data Security

A random audit program to gauge Phase 2 HIPAA compliance is expected to be underway soon. This round will target business associates, including financial institutions that are typically exempted from HIPAA compliance when they provide what are considered to be typical banking services such as payment processing and credit/loans. But financial institutions that “create, receive, […]

PCI DSS 3.1 – Countdown For The June 30 Compliance Deadline

Recently, the PCI Security Standards Council issued Payment Card Industry Data Security Standards (PCI DSS) version 3.1 (PCI DSS v3.1), with “minor updates and clarifications” to PCI DSS v3.0, which went into effect on January 1, 2015. The most significant change: PCI DSS v3.1 prohibits the use of any version of SSL for any PCI […]

What You Need To Know Now About The LastPass Hack

On Monday, LastPass announced that it had been the target of a successful data breach. Here’s what you need to know and do now, if you relied on this extremely popular service to secure and manage your passwords. When was the breach discovered? On Friday, June 12, the LastPass team discovered and blocked suspicious […]

The State of Data Security Intelligence

The Informatica and Ponemon Institute’s second annual survey on data centric security, “The State of Data Security Intelligence,” has been released. Given the growing number of high-profile breaches, the report’s findings won’t shock anyone. Instead, they will confirm what we all know. That said, the number of organizations who admitted that they have little to […]

Preventing Retail Data Breaches: Defining Best Practices

The National Retail Federation recently presented Congress with a set of solutions aimed at better protecting consumers and helping businesses prevent data breaches. “We should not be satisfied with simply determining what to do after a data breach occurs,” NRF senior vice president for Government Relations David French said in a statement. “Instead, it is […]

Need to Know Now News Roundup: PoS Breaches, Destructive Malware, and Patch Tuesday

POS Breach Bigger Than Reported? Point-of-sale (POS) maker Harbortouch last week disclosed a breach involving “a small number” of its restaurant and bar customers, who were impacted by malicious software that allowed thieves to siphon customer card data from affected merchants. KrebsOnSecurity is reporting that a major U.S. card issuer has said that the company […]

Healthcare Records Theft On The Rise

Insider negligence is no longer the number one cause of data breaches in the healthcare industry – cybertheft and physical theft have now claimed the dubious honor. The Ponemon Institute’s new Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data shows that healthcare information has become a prime target for malicious hackers, with […]