Blog

This is a good read if you missed it – the most recent report by the ever-interesting Verizon PCI and Risk Intelligence Teams on the state of PCI Compliance. It's the usual mix of "no surprise there" moments followed by a few "Huh, really?  REALLY?" sections. Ov ...

By Allen Allison With the rapid adoption of cloud computing technologies, IT organizations have found a way to deliver applications and services more quickly and efficiently to their customers, incorporating the nearly ubiquitous utility-like platforms of managed cloud services companies. The use ...

Last week the Verizon Risk Team released an interesting report in which, among other things, they compared breach result information against norms for PCI DSS compliance. I can't imagine anyone is really all that surprised to see that organizations suffering a serious breach also tended to ...

  The importance of ongoing/continuous PCI DSS compliance processes as an effective means to curb security breaches at a merchant’s site is being touted by many experts in the PCI field lately. Verizon's recommendations also mention this importance in it’s recently released report ...

  The Deadline to comply with PCI DSS requirements, set for Level 1 Merchants by VISA, recently passed on Sept. 30, 2010. However, what we do not yet know is how many of these merchants have successfully met the compliance requirements.   Knowing the ‘path to c ...

A good friend of mine over at NetIQ, Todd Tucker, recently blogged about some of the frustrations he sees when looking at the failure of PCI as a security standard (or rather, the failure of those organizations who pay lip service to compliance) and especially the oddly heavy emphasis given to ...

A good article in InfoSecurity on May 5th on the HITECH act got me thinking (as good articles should) about health records, security, and well, all things HIPAA-ish. I certainly agree with much of what was said, and I think it’s clear that the pressure is ramping up rapidly to not only comply ...