PCI DSS is a standard for the card associations not for your business

I recently saw a post on a blog on the corporate web site of a company called Cloud Compliance, entitled “Compliance is the New Security Standard“. Cloud Compliance provides a SaaS-based Identity and Access Assessment (IdAA) solution that helps identify and remediate access control and entitlement policy violations. We combine the economies of cloud […]


Data Classification and Controls Policy for PCI DSS

Do you run an e-commerce site? Are you sure you do not store any payment card data or PII (personally identifiable information) in some MySQL database? The first step in protecting credit card and customer data is to know what sensitive data you really store, classify what you have and set up the appropriate security […]


Is PCI DSS a failure?

A recent Ponemon survey found that 71% of companies don’t consider PCI strategic, though 79% had experienced a breach. Are these companies assuming that a data security breach is cheaper than the security? How should we understand the Ponemon survey? Is PCI DSS a failure in the eyes of US companies? Let’s put aside the technical […]


Identity theft with Dumpster Diving

Rejuvenating Your Credit Muscles After a Mail Theft Attack

I have always been amused by calculations of the cost of identity theft and data breaches, as I have written here, here, here and here. Not surprisingly, security product and service vendors like Symantec, McAfee and Websense are quick to present statistics regarding the damage to companies due to data breaches of personal information […]


Auditing healthcare IT security and privacy with multiple threat scenarios

Is there a way to break out of the security checklist mentality? IT security auditors commonly use standard, fixed checklists, often based on the compliance regulation being audited: the HIPAA Security Rule or ISO 27001, for example. In this article we suggest considering an alternative approach based on generating and analyzing multiple threat scenarios for the […]


How to secure patient data in a healthcare organization

If you are a HIPAA covered entity, or a business associate vendor to a HIPAA covered entity, the question of HIPAA, that is, the question of securing patient data, is central to your business. If you are a big organization, you probably don’t need my advice, since you have a lot of money to spend […]


Beyond the firewall

Beyond the firewall – data loss prevention. What a simple idea. It doesn’t matter how they break into your network or servers: if attackers can’t take out your data, then you’ve mitigated the threat. Data loss prevention is a category of information security products that has matured from Web / email content filtering products […]


Insecurity by compliance

If a little compliance creates a false sense of security, then a lot of compliance regulation creates an atmosphere of feeling secure, while in fact most businesses and Web services are very insecure. Is a free market democracy doomed to suffer from privacy breaches, by definition? My father is a retired PhD […]


How to reduce risk of a data breach

Historical data in log files has little intrinsic value in the here-and-now process of event response and mediation, and compliance checklists have little direct value in protecting customers. Software Associates specializes in helping medical device and healthcare vendors achieve HIPAA compliance and improve the data and software security of their products in hospital and […]


The Israeli credit card breach

There are 5 reasons why credit cards are stolen in Israel. None have to do with terror; 4 reasons are cultural and the 5th is everyone’s problem: “confusing compliance with security“. I could write a book on mismanagement of data governance and compliance, data security, web server security and web application software security. In 2003, I […]
