Tag: credit cards

  • How to secure patient data in a healthcare organization

    If you are a HIPAA covered entity or a business associate vendor to a HIPAA covered entity the question of HIPAA – the question of securing patient data is central to your business.  If you are a big organization, you probably don’t need my advice – since you have a lot of money to spend […]

  • Data Classification and Controls Policy for PCI DSS

    Do you run an e-commerce site? Are you sure you do not store any payment card data or PII (personally identifiable information) in some MySQL database? The first step in protecting credit card and customer data is to know what sensitive data you really store, classify what you have  and set up the appropriate security […]

  • Free risk assessment of your web site

    With all the news about credit card breaches, there are probably a lot of people scurrying about trying to figure out the cheapest and fastest way to reduce the risk of some Saudi hacker stealing credit cards or mounting a DDOS attack on their web site. I have written here, here and here about how […]

  • Why data security regulation is bad

    The first government knee-jerk reaction in the face of a data breach is to create more government privacy compliance regulation.  This is analogous to shooting yourself in the foot while you hold the loaded weapon in one hand and apply band-aids with the other. Democracies like Israel, the US and the UK have “a tendency […]

  • Insecurity by compliance

    If a little compliance creates a false sense of security then a lot of compliance regulation creates an atmosphere of feeling secure, while in fact most businesses and Web services are in fact very insecure. Is a free market democracy doomed to suffer from privacy breaches – by definition? My father is a retired PhD […]

  • The root cause of credit card data breaches in Israel

    In my previous post – “The Israeli credit card breach”  I noted that there are  5 fundamental reasons why credit cards are stolen in Israel. None have to do with terror; 4 reasons are cultural and the 5th is everyone’s problem: “confusing compliance with security. After reading the excellent article  by Sarah Leibowitz-Dar in the Maariv […]

  • The Israeli credit card breach

    There are 5 reasons why credit cards are stolen in Israel. None have to do with terror; 4 reasons are cultural and the 5th is everyone’s problem: “confusing compliance with security“. I  could write a book on mismanagement of data governance and compliance, data security, web server security, web application software security. In 2003, I […]

  • The Microsoft monoculture as a threat to national security

    This is probably a topic for a much longer essay, but after two design reviews this week with medical device vendor clients on software security issues, I decided to put some thoughts in a blog post. Almost 8 years ago, Dan Geer, Rebecca Bace,Peter Gutmann, Perry Metzger, Charles Pfleeger, John Quarterman and Bruce Schneier wrote a […]

  • Will smart phones replace credit cards?

    A recent post “Can smartphones replace credit cards” wonders whether or not consumers are ready to  trade in their plastic for their cell-phone. Mobile payment technology has been around for about 10 years and it has not really taken off in a big way – although there are niche applications.  In Tel Aviv for example, […]

  • SMB are at risk for fraudulent transactions

    Since we often relate to the security of a business through the eyes of our personal data security – it may come of a surprise that a SMB is exposed to data security threats where a personal card holder is protected. Tell your friends and colleagues about us. Thanks!Share this Follow