A guide to cloud encryption and tokenization

Cloud adoption shows every sign of continuing to grow. The sharing of resources helps businesses achieve savings and agility based on economies of scale but there’s a …

Compliance is no guarantee of security

The regulatory landscape is constantly evolving. For example tougher new EU data protection laws are scheduled to come into effect over the next year or two. These new …

NIST announces security framework… yawn

Let me start out by saying that I have a bias against regulatory compliance standards; especially those that are non-specific, not prescriptive, require voluntary cooperation …

Penetration testing: Accurate or abused?

According to a recent Ponemon study, since 2010 cybercrime costs have climbed 78% and the time required to recover from a breach has increased 130%. On average, U.S. …

Four reasons why audits matter

We live in a world where assurance is a precious commodity. People with bad intentions are getting smarter every day as evidenced by the recent compromise of nearly 40 million …

Merchants showing payment security awareness

ControlScan and Merchant Warehouse have jointly released the results of their survey of Level 4 merchants’ awareness, sentiment and progress toward securing cardholder …

PCI DSS 3.0 is now available

Today the PCI Security Standards Council (PCI SSC) published version 3.0 of the PCI Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS). …

Retail sector slow in adopting new PCI standards

Tripwire announced the results of research on risk-based security management in the retail industry, and the news isn’t good: the majority of the retail sector is yet to …

What to expect with PCI DSS 3.0

The PCI Security Standards Council (PCI SSC) published PCI Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) 3.0 change highlights, as a …