Monthly Archives: May 2012

Data as a Gravity Well

Las Vegas hosted one of EMC’s premier events, EMC World. While this show is primarily IT focused, RSA (the Security Division of EMC) makes a presence every year. This year was my second to attend, and even though the location was the same, there was a big difference in this year’s average IT attendee—they showed a tremendous interest in Security! In fact, our booth at EMC World was PACKED on Monday evening. We nearly hit our goal of visitors for the whole show on the first day! Security and compliance had a track in the breakout sessions, and if you went to Sanjay’s keynote, you may remember our CISO getting up on stage to talk about some of the security ...

Where is your first line of defense?

I recently attended a fantastic roundtable put on by Financial Times in New York and as I’m sitting listening to a group of folks that specialize in anti-money laundering and fraud, one person stated that people detected the vast majority of fraud or money laundering with tools playing a supporting role. By itself, this seems to be a bit damning toward the technical sector essentially stating that they aren’t any good at detecting fraud. Or at least their tools aren’t any good. But technology has always played a catch-up role when compared to human intuition. It could be simple things like highlighting the right statistical inconsistencies for analysts or complex things like playing chess against the world’s best, but we’re ...

Guest Post: Will the new QIR Program Move the Needle?

The following is a guest post by Steve Levinson, PCI Goon. You can contact him here. The PCI (Payment Card Industry) Council (PCICo) has pointed their elbow in the direction of those responsible for installing payment applications. PCICo issued a press release yesterday announcing the PCI Qualified Integrators and Resellers (QIR) program. The QIR program is designed to improve the quality of the integrator/reseller community often tasked with installing and maintaining payment systems. Is this the silver bullet we’ve been waiting for? According to the release, the PCI Council is in the process of rolling out this program to train and certify software resellers and system integrators. The Council will list those certified organizations and individual employees on their web ...

Why the Public Cloud Shuns Security

Did I just use a tactic to get you to click on this? Maybe. It sure is a punchy headline. I bet it stirs up some emotion on both sides of the transaction: cloud providers that are tired of working with auditors and security professionals that are tired of explaining to business analysts why regulated data can’t live inside a public cloud. I spoke at the North Texas Cloud Security Alliance chapter last Friday, and I had a great question from the back of the room. Paraphrasing, if security is a requirement for certain use cases, why do public cloud providers sell services without security controls? Man, that is a question I wish more people would ask. There are two ...

Top 10 PCI Requirements for Interpretation

OK folks, here’s an opportunity for you all! In advance of the third edition of our book slated for a July release, PCI Compliance, I wanted to offer up a free service to those of you dealing with PCI DSS on a daily basis. I’m going to do a detailed analysis of ten requirements for you! Here’s the best part… You get to pick the ten I analyze! Which requirements give you the most trouble? Which ones do you think are getting a bad rap, or are being interpreted too harshly? Tell me! I’ll take the top 10 that people want interpreted and put a series together over the next few weeks with detailed analysis. Throw your suggestions down in ...

Fun with Password Managers

I actually started following my own advice a couple of years ago and started creating random passwords for each site that I use that requires a login. Yep, no more “Password123!” for me, it’s all random. But that poses another problem. How do I store these things in a way that is secure and readily available since I don’t have an eidetic memory? Enter Apple’s Keychain! Hooray! I’m now able to store these things relatively securely and make them quickly available for me if I need to log in somewhere. In some cases, I memorize the passwords if I have to use them frequently, but in most cases, I just grab it from Keychain. Every time someone asks me to ...

April 2012 Roundup

What was popular in April? We had Facebook all over the news with its billion dollar purchase of Instagram (do the math, $1B with 23 employees = some rich dudes) and IPO announcement, the Call for Papers for RSA Europe opened, and the security conversation seems to be continuing its momentum from RSA US! Here are the five (ignore the first one) most popular posts from last month: RSA Conference 2012, Are You Ready? OK, you guys, for real. I finally figured out why this was the most popular post. Barney Stinson is the reason. Go look at it and you will know why (and the search term that is somehow leading all kinds of unsuspecting people here). So I’m ...
