Security and PCI-DSS Compliance

The question of whether compliance makes your network secure comes up often when performing Payment Card Industry (PCI) Data Security Standard (DSS) remediation and audit work. Many believe that compliance with the PCI DSS means their networks are secure from exploitation. Unfortunately this is not the case. Passing an independent PCI audit usually indicates reduced vulnerability in the in-scope areas that were tested; however, the PCI segments are usually a small portion of the overall network, and the audit says nothing about the rest of it.

The payment card industry has one goal in mind, and it is not to protect or provide security for your network. Its goal is to protect credit card and cardholder data. It does this to limit its potential liability and to transfer responsibility for that liability to the entities that provide, accept, use, store or transfer credit card and cardholder information. That is almost all businesses and many institutions here and around the world.

The Importance of Hiring an Experienced, Qualified Security Assessor for Your PCI-Compliance Audit

With the stiff penalties associated with failure to meet the standards set by the PCI Security Standards Council, ensuring that your company remains compliant and avoids security breaches requires regular PCI compliance audits. Hiring Qualified Security Assessors (QSAs) with a track record can help you avoid a number of potential pitfalls associated with audits. Opting to hire the most experienced candidates offers a number of benefits, including:

  • Getting it Done Right
    In 2004, CardSystems Solutions was hacked; roughly 40 million card numbers were exposed and about 263,000 were confirmed stolen. This breach occurred despite their security auditor giving them a clean audit just three months prior. Hiring experienced PCI compliance auditors to perform your audits lessens the likelihood of potentially costly mistakes, but no audit is a guarantee: an assessment is a point-in-time sample, and controls can fail between assessments.
  • Continued Security
    Experienced PCI compliance auditors not only understand the current standards but also understand the areas in which those standards fall short. This allows you to anticipate security risks proactively and protect your customers’ data. Understanding the current problems, as well as the next generation of threats, allows you to remain in compliance and prevent costly security breaches.

Different Types of Incidents that Can Result in Compromised Network Security and Information

Network security is an important consideration for any business that is connected to the internet, but especially for businesses entrusted with sensitive customer information. Penetration testing and PCI compliance are important safeguards for protecting customer data, but what are the ways in which customer data might become compromised?

  • Malware
    Malware is one of the most pervasive network security threats today. It is an umbrella term for viruses, worms, Trojan horses, spyware and any other malicious code or software that aims to breach your confidentiality (tracking cookies are often flagged alongside it, although they are data rather than code). Commodity malware can usually be detected and removed by mainstream endpoint security suites, but detection is not guaranteed, especially for new or targeted samples.
  • Cybercrime
    Malware breaches your security from inside your own computer; cyber criminals breach it from afar, over the network, and are usually the ones who deliver the malware in the first place. Hacking and cyber crime cause losses running to billions of dollars every year. One way to reduce that risk is to have an IT security professional perform penetration testing on your systems to find vulnerabilities and close them, bearing in mind that a penetration test is a snapshot and needs repeating as systems change.

Using IBM Tivoli Access Manager for Enterprise Single Sign-On to Secure Your Passwords

A sticky note on your monitor is a good way to remember to bring home a gallon of milk to stay out of the doghouse with your spouse. A sticky note hidden around your desk with all your passwords is a good way to end up in the doghouse with your company’s IT security group!

Let’s face it: it’s hard to remember the password for every application we have to use at work. It’s even more challenging when the interval for changing passwords is different for every application. Hmmm, is my email password myusualpassword12, myusualpassword13 or myusualpassword14?

It’s natural to want an easy way to keep track of them. This leads to insecure habits such as using your dog’s name, which is much easier than remembering X1nP4!e but also easy for someone who knows you to guess or socially engineer. Writing the complex password down is easy too, and just as easy for someone to flip over the keyboard, find the sticky note and gain access to your accounts.

Zombie Attrition Process (ZAP)

Zombies are everywhere; they lurk in existing and new systems. These zombies don’t lust after our blood or consume our flesh. It is much worse than that: they can cause companies to fail audits, they can be used for unauthorized access, and worst of all they can cost companies money. Technically we are talking about lifeless accounts that exist on systems and that no one can tie to an owner. To us on “Team ZAP”, the Identity Management team, these accounts are known as ‘Orphan Accounts’. I don’t know about you, but identifying and removing Zombies just sounds more fun.

Not the kind of Zombies you’re interested in? If you are wondering how to prepare for the basic flesh-eating zombie apocalypse, visit our friends at the Centers for Disease Control.

Picture from: http://emergency.cdc.gov/socialmedia/zombies_blog.asp

If you want information on how to deal with Zombie or Orphan Accounts, then keep reading. For full disclosure, dealing with Zombies is not for the faint of heart, and I am not saying you wouldn’t get your hair mussed. Here at PathMaker Group we don’t mind getting a bit dirty when we deal with Zombies or Orphan Accounts, and we have a proven approach for it.
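The reconciliation that hunting Orphan Accounts boils down to, as an added example that is not part of the original post and not PathMaker Group's own ZAP tooling: join every account pulled from a system against the HR roster, flag anything with no live owner first (an orphan that is still logging in is exactly the unauthorized-access case above), then flag anything dormant for review. The record layout, the `owner_id` link to an HR employee id, the 90-day dormancy threshold, the fixed `TODAY` date and the sample roster and account dumps are all my assumptions, constructed for the illustration.

```python
# Orphan ("zombie") account reconciliation. Added illustration, not PathMaker
# Group's ZAP tooling. Assumptions (mine, not from the post): each account
# dump carries an owner_id that should match an HR employee id, and an
# account unused for DORMANT_DAYS is worth reviewing even if its owner is
# still employed.
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple

DORMANT_DAYS = 90                 # assumed review threshold
TODAY = date(2024, 1, 31)         # fixed so the sample run is reproducible


@dataclass(frozen=True)
class Employee:
    emp_id: str
    name: str
    status: str                   # "active" or "terminated"


@dataclass(frozen=True)
class Account:
    system: str
    username: str
    owner_id: Optional[str]       # None when the dump records no owner
    last_login: Optional[date]    # None when the account has never logged in


# Constructed sample data standing in for an HR feed and per-system dumps.
HR_ROSTER: List[Employee] = [
    Employee("E100", "Alice Example", "active"),
    Employee("E101", "Bob Example", "terminated"),
    Employee("E102", "Carol Example", "active"),
]

ACCOUNTS: List[Account] = [
    Account("ad", "alice", "E100", date(2024, 1, 28)),             # healthy
    Account("ad", "bob", "E101", date(2023, 7, 1)),                # owner has left
    Account("linux-db01", "svc_backup", None, date(2024, 1, 30)),  # nobody owns it, still in use
    Account("ad", "dwayne", "E999", date(2024, 1, 21)),            # owner id unknown to HR
    Account("vpn", "carol", "E102", date(2023, 9, 1)),             # unused for months
    Account("vpn", "carol2", "E102", None),                        # never used
]


def classify(account: Account, roster_by_id: Dict[str, Employee], today: date) -> str:
    """Return "ok" or a verdict saying why the account needs attention.

    Ownership is checked before dormancy: an account with no live owner is an
    orphan no matter how recently it was used.
    """
    if account.owner_id is None:
        return "orphan: no owner on record"
    owner = roster_by_id.get(account.owner_id)
    if owner is None:
        return "orphan: owner not in HR"
    if owner.status != "active":
        return "orphan: owner terminated"
    if account.last_login is None:
        return "dormant: never logged in"
    if (today - account.last_login).days > DORMANT_DAYS:
        return "dormant: no login for more than %d days" % DORMANT_DAYS
    return "ok"


def find_zombies(accounts: List[Account], roster: List[Employee],
                 today: date = TODAY) -> Dict[Tuple[str, str], str]:
    """Map (system, username) to a verdict for every account that is not "ok"."""
    roster_by_id = {e.emp_id: e for e in roster}
    report: Dict[Tuple[str, str], str] = {}
    for account in accounts:
        verdict = classify(account, roster_by_id, today)
        if verdict != "ok":
            report[(account.system, account.username)] = verdict
    return report


if __name__ == "__main__":
    for (system, user), verdict in sorted(find_zombies(ACCOUNTS, HR_ROSTER).items()):
        print(f"{system:12} {user:12} {verdict}")
```

In practice one dump is pulled per system (directory, database, application) and each is reconciled on its own, because the orphans that hurt in an audit are the ones that exist only in a system nobody thought to check. Disable before deleting, so a mistaken verdict can be rolled back and so the account's history is preserved for forensics, and keep the report as the evidence an auditor will ask for.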

Successful Security Projects

Great solutions require strong products, thorough planning and aggressive deployment.

“Why close the barn door after the horses escape?” Or, “An ounce of prevention is worth a pound of cure.” And another: “Why solve a problem that we do not have?”

These expressions come to mind when addressing security issues for the premises where we work, our homes, bank accounts, credit cards and anything else of value to us. In an environment where everything is faster and better comes the need for us to understand its complexity. This world is where we live, and we need to protect our assets. The expression “Nip it in the bud before it becomes a problem” is best suited to security. Just by observation we see exposures, and we are grateful we saw them first.