
Category Archive for 'Compliance'

Out of scope, remediate or replace

In any PCI DSS project there is always the ongoing debate of what solutions to implement to reach compliance. In general there are three ways to reach compliance: out of scope, remediate or replace. Getting a solution out of scope is rather often the easiest way to reach compliance. As described in my previous blog […]


PCI DSS Scoping

During my years working with PCI DSS I rather often get the question of how much it costs to become PCI DSS compliant. That is of course not an easy question to answer, but adding to that is that the scoping issue has most of the time not been addressed at all. The scoping of a […]


PCI DSS is a very interesting compliance framework. It may be very prescriptive, describing exactly what to do, but when you really understand it you see that it is mainly telling you what to look for in a mechanism and how to measure that it is actually effective. It is here that most companies fail. […]


Log files are mainly used for investigative reasons, but there is a secondary usage of logging and that is performance analysis. Just recently I helped a hospital's surgery to pinpoint where they could be more effective by importing the log files into an analysis tool, using user identity to identify who did what and then […]


One of the most often forgotten mechanisms of all kinds of security practice is the tools used for investigation, log files and forensics. It is all good and well to have mechanisms that deter, detect and take action, but if something happens will you know what happened and, more importantly, who was the one who did […]


And so it has started…

In a Swedish article today they describe a case of skimming at an unmanned gas station. This has become rather common nowadays with new cases found weekly. This is just in line with my previous posting on the subject. One would suspect that more of the oil companies would have updated their payment systems but […]


PCI DSS Fines increasing

Forrester reports are always interesting to read. I cannot say that I trust them all of the time, but they do often point in the right direction. Just recently I found a report showing the percentage of retailers in the US that have been fined, currently 8%, with 27% more that have been threatened with fines. […]


PCI DSS and Fraud

I have worked several years with PCI DSS and even if I am not as experienced as some QSAs I know, I do have a kind of experience they don't: working with security from a business angle. In one assignment we were looking into several possibilities to make the client PCI DSS compliant. One of […]


Sadly not. There are a number of compliance frameworks out there now: PCI DSS, SOX, HIPAA, HITECH, Part 11 and you name it. It is a rather interesting fact that there are so many consultants specialized in one or the other without having the faintest idea that they are all the same! Take […]


In a Swedish article today some interesting figures are shown from bank transaction frauds, including credit card frauds:
• 600-700 M SEK was lost 2008 (60-70 M EUR)
• 1% of the grown up population was affected (60 000)
• 84% got their money back partly or in full
FI, Finansinspektionen, the authority responsible for […]

