Top Infosec Links for 2015

Posted: December 14th, 2015
Filed under: Around the Web


The end of 2015 approaches and we’d like to share some of the most popular links related to infosec.


Around the Web – Week 10, 2012

Posted: March 9th, 2012
Filed under: Around the Web, IIS & HTTP


This week on the performance front:

Indications that Twitter is using SPDY. With one of the Internet’s most popular sites on board, who will be next to switch over to the faster protocol?

In the world of information security:

We saw the introduction of the Cybersecurity Bill “SECURE IT Act” (Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology Act) to the Senate, which doesn’t suggest any additional regulations for info security and would distance the government from protecting the private sector. Others suggest the Department of Homeland Security should be involved. What do you think the government’s role in information security should be?

David Spark writes, “The bad guys are really good at sharing information to break into us. We’re really not that good at sharing information to prevent them from breaking into us.” Should we be sharing incident data?

Finally, this week showed us some browser vulnerabilities in Google Chrome and IE9. Google offered up cash rewards and credit for finding their bugs. Microsoft? Not so much.

Around the Web – Week 9, 2012

Posted: March 5th, 2012
Filed under: Around the Web



This past week brought us a few good stories on the importance of site performance.

Walmart did a study to determine how page speed affected conversions and sales. There were some interesting outcomes here:

How Page Speed Correlates to Business Metrics at Walmart.com


The New York Times published a piece on users’ responses to page speed:

For Impatient Web Users, an Eye Blink Is Just Too Long to Wait


Page load data and tools for testing your site’s speed:

Making a Fast Website


Stories coming from RSA Conference.

Dwayne Melancon, CTO of Tripwire, suggests companies assess their assets and ask, “What is the value of each asset to my business and how does that change over time? How does it look when things are good, OK, and bad?”

Know Your Assets and How Their Threat Level Changes Over Time


News on the IIS front.

IIS 8

And Scott Forsyth reported new information on IIS 8:

What’s New in IIS 8


PCI DSS Compliance Matters

Posted: February 27th, 2012
Filed under: Around the Web, Web and Application Security


In 2011, 89% of organizations with payment card data loss were not Payment Card Industry Data Security Standard compliant at the time of the security breach. These types of breaches can lead to monetary loss for the customer and for a company; in the case of the former, there is also the possibility of reputation loss – which may be a far worse and lasting negative effect.

Ten Ways to Avoid Costly PCI Compliance Violations

The first tip for avoiding costly PCI Compliance violations (in the above piece) is familiarization with the requirements themselves. With the complexity and severity of security breaches always growing, it is crucial to know and understand the security standards required to store, transmit or process payment cardholder data. While the 75-page PCI DSS “Requirements and Security Assessment Procedures” document may be somewhat daunting in its requests and exhaustive calls for implementation, it can be simplified to:

  • Build and Maintain a Secure Network
  • Protect Cardholder Data
  • Maintain a Vulnerability Management Program
  • Implement Strong Access Control Measures
  • Regularly Monitor and Test Networks
  • Maintain an Information Security Policy

When you break down these main categories, there are 12 provisions to achieve PCI DSS compliance. Not only are these provisions required for PCI Compliance, but they are also a great template for security for any type of business.

Getting Started with the PCI Data Security Standard

A while back we posted the following PCI quick tips, which are still applicable:

Do:

  • Encrypt cardholder data.
  • Use products that are approved for the PCI standard.
  • Understand the concept of compensating controls.
  • Organize PCI compliance as an ongoing, cross-functional project, not as a one-time event.
  • Understand your cardholder information business process from end to end.
  • Take the time to read and understand the PCI Data Security Standard.

Don’t:

  • Store unnecessary cardholder data beyond receiving the authorization code.
  • Be lulled into thinking that you would not be a target for criminals.
  • Try to create your own crypto solutions.
  • Assume your vendor is protecting you.

Through all the preparation and planning, let’s not forget that PCI DSS does not make a company immune from attack. It can and does still happen – after all, a determined hacker can bypass any security. This is why PCI DSS Compliance, and security as a whole, must be treated as an ongoing process, with a time investment in line with how much your company values staying in business.

PCI Quick Tips

Posted: November 12th, 2010
Filed under: Around the Web


Do:

  • Encrypt cardholder data.
  • Use products that are approved for the PCI standard.
  • Understand the concept of compensating controls.