Device Hardening and Continuous Compliance MonitoringCONTINUOUS COMPLIANCE

IT Compliance Articles

Read articles from industry experts New Net Technologies to find out about best practices in keeping your IT systems secure.

The U.S. Department of Defense announced on Monday that it has created a new Vulnerability Disclosure Program to help guide researchers on how to report security flaws found in the DoD’s public websites.

With the exception of Role-Based Access Control (RBAC), File Integrity Monitoring (FIM) is the only PCI requirement that achieves security in its purest form; prevention of, or alerts on, deviation from a known-good baseline.

customer-online-security

Tesco, Target, eBay, Office – all major retailers with a significant online presence and always seeking to understand what their customers want to buy, how they want to buy it, and what would make them buy more. The delivered retail experience and an intimate understanding of consumer psychology are where the retail battles are fought in 2014.

pci-dss-pos-breach

The interesting thing about the breach reported by Vancouver-based Information Systems & Supplies Inc. is that it highlights the responsibility now borne by 3rd party suppliers to PCI merchants. Remote access services such as LogMeIn or TeamViewer provide superb levels of functionality equivalent to a direct Remote Desktop session, and, naturally, are highly secure in their architecture and operation.

PCI Compliance projec

Most organizations will turn to a QSA when undertaking a PCI Compliance project. A Qualified Security Assessor is the guy you need to satisfy with any security measures and procedures you implement to meet compliance with the PCI DSS so it makes sense to get them to tell you what you need to do.

PCI DSS Version 3

PCI DSS Version 3 will soon be with us. Such is the anticipation that the PCI Security Standards Council have released a sneak preview ‘Change Highlights’ document.

FIM solutions

Using FIM, or file integrity monitoring has long been established as a keystone of information security best practices. Even so, there are still a number of common misunderstandings about why FIM is important and what it can deliver.

FIM for PCI DSS

Simplest is still best - whether they are software-based (as in the so-called 'Dexter' or 'VSkimmer' Trojan - Google it for more information) or classic hardware interception devices, card skimming is still a highly effective means of stealing card data.

tokenization

I was recently sent a whitepaper by a colleague of mine which covered the subject of tokenization. It took a belligerent tone regarding the PCI DSS and the PCI Security Councils views of Tokenization, which is understandable in context - the vendors involved with the whitepaper are fighting their corner and believe passionately that tokenization is a great solution to the problem of how best to protect cardholder data.

If you haven’t yet been asked ‘The auditors want us to...’ or ‘The auditor suggested...’ or ‘...wants to know how we...’ the likelihood is, you will be soon!

Following the Tesco Bank attack that left 9,000 Tesco customers with £2.5 million in fraudulent transactions, the UK banking sector enacted contingency plans that enable members to share critical intelligence information in hopes to prevent these kinds of attacks.

NNT Products
USA Offices
New Net Technologies Ltd
Naples
Suite #10115, 9128 Strada Place
Naples, Florida, 34108
Atlanta
201 17th Street, Suite 300
Atlanta, Georgia, 30363.

Tel: 1-888-898-0674
email[email protected]
UK Office
New Net Technologies Ltd
Spectrum House, Dunstable Road
Redbourn,
St Albans

Herts
AL3 7PR

Tel: 08456 585 005
Fax: 08456 122 031
email[email protected]
NNT Newsletter
Sign up to receive our monthly newsletter covering breaking security news, how-to-tips, trends and commentary directly to your inbox.


Google+ Linkedin Twitter - Change Tracker Facebook rss feed YouTube
CIS benchmarking SEWP Cybersecurity 500 Sans Institute
Copyright 2017, New Net Technologies Ltd. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies Ltd.
All other product, company names and trademarks are the property of their respective owners.