Security Standards

Your source for the latest security standards news.

The notification chain when a breach is suspected
Jul. 02, 2009
A few weeks ago, we provided best practice tips on preserving log data for a forensic investigation. Now that you've got the data set aside for your investigation, who else needs to get involved? Let's discuss the ...

PCI Security Standards Council: Tell us how we're doing
Jun. 24, 2009
The PCI Security Standards Council, which establishes technical standards for the payment-card industry, Tuesday invited broad feedback from both its membership and the public in order to understand the best course to ...

Police to create regional e-crime squads
Jun. 24, 2009
Police forces across the UK are to collaborate to create regional cybercrime squads.

Post-breach, Heartland plans aggressive encryption project
May. 06, 2009
Heartland Payment Systems intends to deploy end-to-end encryption with its merchants to protect its payment processing system from cybercriminals.

New security standard MashSSL builds application trust
Mar. 30, 2009
Application mashups are gaining traction in the enterprise. There's no doubt that productivity can be enhanced when new functionality can be delivered quickly and conveniently by combining information from multiple ...

GP surgery loses thousands of unencrypted patient records
Jun. 15, 2009
A GP surgery in London has lost the details of 7,000 patients after burglars stole an external hard drive and backup tapes.

Information Commissioner offers businesses privacy advice
Jun. 09, 2009
The Information Commissioner has published a guide advising businesses how to protect customer and employee privacy.

Upgrade to Suite B security algorithms
May. 27, 2009
Most companies do not know what level of cryptography is required to properly protect their data lifeblood, nor do they have anyone tasked with assessing the coverage. As a result, most corporations today are not ...

Companies get checklist for complying with PCI standard
Mar. 10, 2009
The organization responsible for administering the Payment Card Industry Data Security Standard is offering new guidance to companies on how to focus their PCI DSS compliance efforts so as to more quickly them in ...

Microsoft reveals some of its cloud security measures
Jun. 03, 2009
Microsoft has published security policies it applies to its cloud services, and sheds some light on what might ultimately develop as industry standards for securing these services.

Security group to consider wireless, virtualization standards for payment-card industry - ...
May. 19, 2009
The PCI Security Standards Council may address requirements related to the use of virtualization and wireless technologies by payment-card handlers.

NIST to weigh in on cloud security
May. 18, 2009
The National Institute of Standards and Technology is going to weigh in on cloud computing and has started by working on a definition of what cloud computing is.

The feeling of greater security tempts us to be more reckless
May. 11, 2009
The recent newsletter - rant, really - about the National Institute of Standards and Technology (NIST) white paper on enterprise password management ('Managing' passwords doesn't make them less unsafe) elicited a number ...

Microsoft to test interoperability of identity protocol
Jun. 03, 2009
Microsoft next month for the first time will participate in SAML 2.0 interoperability testing using its Geneva platform to test against other vendors' implementations of the open standard identity protocol.

Angered by Apple delay, hacker posts Mac Java attack
May. 20, 2009
In an effort to draw attention to an long-standing security problem in Apple's Mac OS X operating system, a security researcher has posted attack code that exploits the flaw.

Heartland earns back spot on PCI-approved list
May. 04, 2009
The processing firm Heartland Payment Systems has been reinstated to Visa Inc.'s list of service providers deemed compliant with the Payment Card Industry Data Security Standard (PCI DSS).

U.S. needs transparent policies for carrying out cyberattacks
Apr. 30, 2009
The notion that the federal government needs to create an arsenal of cyberattack capabilities to help defend U.S. interests in cyberspace is gaining considerable support as concerns heighten about online security ...

A Lesson in Compliance from the Chemical Industry
Apr. 09, 2009
In many ways, the role of the CSO is directly tied to business profitability. By creating and enforcing policies that protect human, physical and intellectual assets, the CSO ensures the very integrity of the ...

Visa pilots new payment card security initiatives
Mar. 20, 2009
Acknowledging the need for controls that go beyond those offered by the Payment Card Industry (PCI) Data Security Standard, a senior Visa Inc. executive Thursday described two new initiatives to reduce payment card ...

How to reduce the high cost of T1 service | NetworkWorld.com Community
Jun. 17, 2009
18Mbps down and 2Mbps up service for 15% of the cost of T1 service, 36Mbps down and 4Mbps up service for 33% of the cost of T1 service

Guide to enterprise password management drafted
Apr. 28, 2009
I hate passwords. I think passwords are a dreadful way of authenticating identity: they cost a lot, they change too often (and so users write them down), the rules for preventing dictionary and brute-force attacks are ...

The first trust infrastructure for mashups
Mar. 18, 2009
It's been a long time since I talked about the identity of anything except people, but we should remember that everything on our networks has an identity - the devices, the services, the applications - even the data ...

Retail standards group to tackle virtualization security in '09
Dec. 18, 2008
In 2009, Payment Card Industry standards may establish technical guidelines for virtualization, end-to-end encryption and card storage.

Opal promising interoperable disk-drive security
Jan. 23, 2009
The Opal security specification from the Trusted Computing Group promises interoperable encryption, authentication and management capabilities for disk-drive manufacturers and security software vendors.

Will Liquid Computing pour cold water over Cisco's ambitious unified computing system? |..
Jun. 22, 2009
With Cisco losing market share across the board, it just might be possible