PCI DSS 1.2 – What’s New?

Wednesday, November 19, 2008 12:28:32 AM UTC
by Brennen Reynolds
The PCI Data Security Standard (DSS) has just undergone a refresh. The PCI Security Standards Council released version 1.2 of the DSS on October 1, 2008. The new version must be used by all organizations that begin a new PCI assessment after October 1st. If your organization is currently undergoing an assessment, you have until December 31, 2008 to complete it using the previous 1.1 version of the standard. So what changed between 1.1 and 1.2? The following list highlights the major changes in the new standard.

How to Secure your DNS Server

Friday, November 07, 2008 11:36:14 PM UTC
by Daniel de Carvalho
In this article you will learn how to identify and remediate one of the most common DNS vulnerabilities.

SPAM: You've got mail!

Friday, November 07, 2008 10:26:45 PM UTC
by Daniel de Carvalho
How many times has your email inbox been flooded with unsolicited email messages? How many times do you have to say that you do not want Viagra, nor are you interested in any sort of pharmaceutical drugs offered in these messages? Do you catch yourself sometimes thinking how good it would be if you could get rid of all that spam?

Building a Security Tool Chest - Part 2 - Recon Tools

Monday, November 03, 2008 6:27:50 AM UTC
by Brennen Reynolds
This article is going to cover the first phase of an assessment: information gathering and reconnaissance. I have put together a list of the top 10 most useful utilities and websites I use on a daily basis for security-related assessments.

Top Ten Security Requirements for Enterprise Applications

Sunday, October 26, 2008 10:18:45 PM UTC
by Ray Zadjmool
With the rise in focus on security, there has emerged a set of security requirements that enterprise software vendors must consider or else they run the risk of watching their sales pipeline come to a screeching halt. The following are ten "must have" requirements that I have come across while doing some proofs of concept:

Trick or Treat: What lurks beneath a Public Access Point?

Friday, October 17, 2008 8:22:01 PM UTC
by Daniel de Carvalho
They are everywhere, from airports to Starbucks; at every corner, users have access to complimentary free internet. But have you ever wondered what lurks beneath those innocent hotspots?

International Business and Laptop Security

Friday, October 17, 2008 2:50:36 AM UTC
by Jason Pieters
On more than one occasion, individuals entering the United States have been stopped and the contents of their laptops or other electronic devices have been inspected. Not only inspected: on multiple occasions their laptops were confiscated and their files, email, and pictures searched for any contraband. While this may shock some or enrage your sense of civil liberties, the courts have upheld these searches in the name of securing our borders. While I do have strong feelings about this, I took my thoughts past my opinions and thought about my travels for work.

Building a Security Tool Chest – Part 1 – The Foundation

Friday, October 10, 2008 2:50:18 PM UTC
by Brennen Reynolds
With the seemingly endless number of security products, utilities and information sites available today, the thought of putting together a set of tools to perform routine security tasks might seem daunting. It can be, but it doesn’t have to be. Over the next few entries I am going to walk through how someone would put together a security tool chest that can be used for almost all day-to-day security needs.

Red November: Understanding the Red Flag Rule.

Friday, October 03, 2008 12:47:53 AM UTC
by Daniel de Carvalho
Many may have heard of the Red Flags Rule and know that businesses need to make changes to comply with these rules. However, many institutions are still unclear about how this rule can affect them. On top of that, US financial institutions face a mandatory deadline of November 1, 2008 to comply with 3 new US Fair and Accurate Credit Transactions Act (FACT Act) regulations referred to as the Red Flag rule.

How to Market Your Compliance

Sunday, April 13, 2008 4:26:01 AM UTC
by Nazy Fouladirad
On any day of the week, at any time of the day, if you were to attempt a Google News (or any other news databank) search of the term “ISO compliance,” you would probably find at least one or two press releases from companies announcing their adherence to this international security standard.