Security and PCI-DSS Compliance

The question of whether compliance makes your networks secure often comes up when performing Payment Card Industry (PCI) Data Security Standard (DSS) remediation and audit work. Many believe that compliance with the PCI-DSS means their networks are secure from exploitation. Unfortunately, this is not the case. Passing an independent PCI audit usually indicates reduced vulnerability in the PCI-related areas that were tested; however, the PCI segments are usually a small portion of the overall network.

The payment card industry has one goal in mind and it is not to protect or provide security for your network. Their goal is to protect credit card and card holder data. They do this to limit their potential liability and transfer responsibility for that liability to the entities that provide, accept, use, store or transfer credit card and card user information. That is almost all businesses and many institutions here and around the world. Read more

The Importance of Hiring an Experienced, Qualified Security Assessor for Your PCI-Compliance Audit

With the stiff penalties associated with failure to meet standards set by the PCI Security Council, ensuring that your company remains compliant and avoids security breaches requires regular PCI compliance audits. Hiring qualified security assessors can help you avoid a number of potential pitfalls associated with audits. Opting to hire the most experienced candidates offers a number of benefits, including:

  • Getting it Done Right
    In 2004, CardSystems Solutions was hacked, resulting in 263,000 stolen credit card numbers and roughly 40 million compromised cards. This breach occurred despite their security auditor giving them a clean audit just three months prior. Hiring experienced PCI compliance auditors to perform your audits lessens the likelihood of potentially costly mistakes.
  • Continued Security
    Experienced PCI compliance auditors not only understand current standards, but they understand the areas in which the current standards fall short. This allows you to proactively anticipate security risks and protect your customers’ data. Understanding the current problems, as well as the next generation of threats, allows you to remain in compliance and prevent costly security breaches. Read more

Different Types of Incidents that Can Result in Compromised Network Security and Information

Network security is an important consideration for any business that is connected to the internet, but especially for businesses entrusted with sensitive customer information. Penetration testing and PCI compliance are important safeguards for protecting customer data, but what are the ways in which customer data might become compromised?

  • Malware
    Malware is one of the most pervasive network security threats these days. Malware is a comprehensive term to describe viruses, worms, Trojan horses, tracking cookies, and many other types of threats that include malicious code or software that aims to breach your confidentiality. They can be detected and removed with most software security suites.
  • Cybercrime
    While malware attempts to breach your security from inside your computer, cyber criminals attempt to breach your security from afar. Hacking and cyber crime cause tens of millions of dollars in losses every year. One way to prevent cybercrime is to have an IT security professional perform penetration testing on your systems to find loopholes and close them. Read more

Using IBM Tivoli Access Manager for Enterprise Single Sign On to Secure your Passwords

A sticky note on your monitor is a good way to remember to bring home a gallon of milk to stay out of the doghouse with your spouse. A sticky note hidden around your desk with all your passwords is a good way to end up in the doghouse with your company’s IT security group!

Let’s face it; it’s hard to remember the passwords for every application we have to use at work. It’s even more challenging when the interval for changing passwords is different for every application. Hmmm, is my email password myusualpassword12, myusualpassword13 or myusualpassword14?

It’s natural to want an easy way to keep track of them. This leads to insecure habits such as using your dog’s name, which is much easier than remembering X1nP4!e. It’s also easy for someone who knows you to socially engineer that password. Writing the complex password down is easy too, and again it is simple for someone to flip over the keyboard, find that sticky note and gain access to your accounts. Read more

Successful Security Projects

Great solutions require strong products, thorough planning and aggressive deployment.

“Why close the barn door after the horses escape?” or “An ounce of precaution is worth a pound of cure.” Another one: “Why solve a problem that we do not have?”

These expressions come to mind when addressing security issues for the premises where we work, our homes, bank accounts, credit cards and anything else of value to us. In this environment where everything is faster and better comes the need for us to understand its complexity. This world is where we live, and we need to protect our assets. The expression “Nip it in the bud before it becomes a problem” is best suited to security. Just by observation, we see exposures and are grateful we saw them first. Read more

EHR Stimulus Incentive

EHR technology is medical software that can help your practice keep track of and treat patients more efficiently and effectively. Additionally, many of these technologies, when implemented correctly and used properly, are subject to government incentives, making them affordable to install.

With the Stimulus Incentive Calculator app for the iPhone, you can figure out how much you will earn by using certified EHR software. Using various factors, such as the size of your practice and the number of patients you see per year, this calculator can show you the incentives for which you may be eligible.

To learn more about the benefits of using EHR technology in your practice, contact PathMaker Group. We provide security solutions and identity management services.

Visit our website or call (817) 704-3644.

Leveraging Centralized Log Management in a PCI DSS Environment

Enterprise environments generate vast amounts of log data on their own, before even being required to meet the PCI DSS section 10 logging requirements. When taking into account the volume of logs from the large variety of sources across a network, it is important to find an effective and efficient way to handle this data. IT departments could easily dedicate one full-time employee to this task alone when logs are decentralized across the organization and need to be reviewed, at times, on a daily basis. Admins also face the daunting task of having a working knowledge of the vast array of system interfaces used to access and review this data where it is stored by default. Obviously this configuration is highly inefficient as well as impractical. The only logical solution to meet the PCI DSS required logging volume as well as the review requirements is a centralized log management system. PathMaker Group offers such a solution, built on a SaaS platform, that can provide the functionality, usability, and reporting that PCI DSS requires. Read more

How Can Hospitals and Medical Practices Meet the Requirements for “Meaningful Use” of Certified EHR Technology?

Advanced electronic health record (EHR) technology provides secure and accurate storage of patients’ medical records and health information, which helps physicians offer complete medical care to their patients. Because of the added security that this technology offers, Medicare and Medicaid have implemented financial incentive programs for hospitals and medical practices for the meaningful use of EHR. Here are some guidelines for the parameters of meaningful use:

  • Meaningful users: EHR incentive regulations state that the only members to have access to the technology are those who will use it for the purpose of patient safety and efficient medical care.
  • Exchange of information: EHR technology allows medical offices to transfer information quickly and easily for the benefit of quality healthcare. Electronic information may be exchanged between doctors or used for e-prescriptions to ensure the safe distribution of medications.
  • Yearly demonstration of use: Successful demonstration of meaningful use by trained and qualified medical professionals is necessary in the first year of using EHR technology. These uses include prescription transfers, use of medical records in patient care, and accurate implementation of security features. Read more

Understanding the Basics of SOA Security

Service-oriented architecture (SOA) is a type of software design that allows applications to be integrated as services, allowing for easy management of a company’s operations. However, the level of integration that SOA provides is compromised by the use of standard security features that are traditionally embedded into individual applications. In order to make up for this security deficiency, companies are employing specialized SOA security. The following are some of the features of SOA security that address typical vulnerabilities:

  • Content Validation: Specialized SOA security ensures that data is only accepted into the system from trusted users, to prevent SQL injection attempts that force errors exposing access information.
  • Time Stamps: Digitally signed security requests can be forged by replaying previously used messages that are valid for other services. Time-stamping requests prevents this sort of infiltration.
  • JavaScript Protection: This is a defense that prevents attackers from using JavaScript to inject data that is then displayed to users on the client side. System scans detect and remove these malicious scripts. Read more

PCI Updates

I thought I would take a few minutes to wish everyone happy holidays and a very prosperous 2011. I also noticed that I hadn’t blogged in a while, so I thought I’d do a little of that…

This blog provides a few updates and observations related to the following:

  • PCI DSS v1.2.1 to PCI DSS v2.0 transition – very well defined, except for the cut-over date. The bottom line is that the PCI SSC is encouraging all merchants and service providers to convert as soon as possible, but at the same time saying everyone has until New Year’s Eve 2011 (one year).
  • PCI DSS and PA-DSS v2.0 Scoring Templates – QSAs can’t plan their projects without the new Scoring Templates. This will stall migrations.
  • Sampling And ASV Scanning Do Not Mix – this wasn’t like a free lunch, but some still manage to screw it up…
  • PCI DSS Timeline Clarification Read more