Wireless Access Point Detection – Req 11.1 and 12.9

22 March 2010

This is an interesting one. More and more merchants are looking at the rogue AP detection requirements of the PCI DSS from a technical solution angle. Makes sense, right? Why pay a consultant each quarter to do a rogue AP sweep when you can implement a Wireless Intrusion Prevention System like Motorola AirDefense or AirTight and [...]


Posted in Wireless Security

Hitler, Cloud Computing, and PCI DSS

05 March 2010

Good lord, I laughed hard when I watched this: Hitler, Cloud Computing and PCI DSS. Pretty geeky, but it sums it up well. My favourite: “You gave it a .4! What does that even mean?!?”


Posted in Uncategorized

Franchise models, responsibilities, and the Impact on PCI Compliance

15 January 2010

An interesting post from blog.elementps.com on the difficulties of franchise models and their impact on the paths of responsibility for PCI DSS compliance. From a branding standpoint, franchisors have a lot to lose if one of their franchisees falls victim to a breach. Depending on the level of media attention the breach garners, one for a [...]


Posted in Uncategorized

Visa Releases Global Data Encryption Best Practices

13 November 2009

The marketplace has expressed a growing interest in pursuing data field encryption (also known as end-to-end encryption) of card data. Data field encryption protects card information from the swipe to the acquirer processor with no need for the merchant to process or transmit card data in the “clear.” Importantly, data field encryption renders cardholder data useless to criminals in the event of a merchant data breach.


Posted in Encryption

Pentesting vs Vulnerability Assessment – A Simple Definition

30 October 2009

Found a very neat and succinct way of defining the difference between VA and Pentesting. During a vulnerability assessment an environment is assessed to determine if known vulnerabilities can be identified. Penetration testing goes a step further by attempting to exploit these identified vulnerabilities. The difference between the two, in terms of identifying a need within [...]


Posted in Definitions

HIPS vs FIM – There is a difference…

26 October 2009

I’m continually amazed at how often HIPS is confused with FIM. I guess I shouldn’t be. Here’s a simple definition: File Integrity Monitoring (FIM): FIM establishes a baseline value for the content, presence, and permissions of files on a system (applications, binaries, config files, documents – they are ALL FILES). If a change is detected, an alert [...]
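To make the FIM definition above concrete, here is an added example (not code from this blog or from any FIM product) of the baseline-and-compare loop it describes: record a content hash and the permission bits for every file under a directory, then diff a later snapshot against that baseline to flag changed content, changed permissions, deleted files and new files. The sample tree, file names and the final "ALERT" output format are all constructed for the illustration.

```python
"""Minimal file-integrity-monitoring (FIM) baseline and comparison.

Added illustration; not code from the blog or from any FIM product.
The sample tree built in demo() is constructed for the example.
"""
import hashlib
import stat
import tempfile
from pathlib import Path


def snapshot(root):
    """Record a SHA-256 of the content and the permission bits of every
    regular file under root, keyed by path relative to root.

    Presence is implicit: a path in the baseline but missing from a later
    snapshot was deleted, and a path only in the later snapshot was created.
    """
    root = Path(root)
    state = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        st = path.lstat()
        state[str(path.relative_to(root))] = {
            "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
            "mode": stat.S_IMODE(st.st_mode),
        }
    return state


def compare(baseline, current):
    """Return a sorted list of (relative_path, change) tuples describing
    how current drifted from baseline. An empty list means no change."""
    alerts = []
    for rel in sorted(set(baseline) | set(current)):
        old, new = baseline.get(rel), current.get(rel)
        if old is None:
            alerts.append((rel, "created"))
        elif new is None:
            alerts.append((rel, "deleted"))
        else:
            if old["sha256"] != new["sha256"]:
                alerts.append((rel, "content changed"))
            if old["mode"] != new["mode"]:
                alerts.append((rel, "permissions changed %o -> %o"
                               % (old["mode"], new["mode"])))
    return alerts


def demo():
    """Build a constructed sample tree, baseline it, tamper with it in the
    four ways FIM cares about, and return the resulting alerts."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        cfg = root / "etc" / "app.conf"
        cfg.write_text("listen=127.0.0.1\n")
        cfg.chmod(0o640)
        script = root / "bin.sh"
        script.write_text("#!/bin/sh\necho ok\n")
        script.chmod(0o755)
        stale = root / "old.txt"
        stale.write_text("remove me\n")

        baseline = snapshot(root)

        cfg.write_text("listen=0.0.0.0\n")             # content changed
        script.chmod(0o777)                            # permissions changed, same content
        stale.unlink()                                 # deleted
        (root / "dropped.so").write_bytes(b"\x7fELF")  # created

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for path, change in demo():
        print(f"ALERT {path}: {change}")
```

Note what this toy omits that a real FIM product covers: owner and group, inode and timestamp changes, exclusion lists for files that legitimately churn (logs, spool directories), and, most importantly, keeping the baseline signed and off the monitored host so an attacker who gains root cannot simply re-baseline after tampering.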


Posted in Host Security

WPA Cracked

26 September 2009

I know that this is fairly old news, but the rate of take-up of wireless in the enterprise space makes it worthy of attention, and indeed of the first real post on this blog. I guess it was always going to happen. The fruit is hanging far too low with wireless networking for it not to [...]


Posted in Uncategorized, Wireless Security