Aug 20, 2014 | Information Security
First, what is continuous monitoring? By definition, it’s the process of continually monitoring your systems. Businesses monitor systems for different reasons: IT Operations teams continuously monitor systems for availability to end users. “Hackers”...
Aug 20, 2014 | Information Security
In the wake of the 2012 Distributed Denial of Service (DDoS) attacks against financial institutions, it was recently announced by the FFIEC (Federal Financial Institutions Examination Council) that banks must defend themselves against DDoS attacks. FFIEC Statement...
Aug 20, 2014 | Information Security, ISO27001
I have people ask me all the time about Security Assessments, benchmarking their Security Program, what the best framework is, etc. I usually point them to ISO27001 as a framework to benchmark and measure their Information Security Program. ISO27001 is commonplace in...
Aug 20, 2014 | eCommerce Fraud Prevention
In 2012, Account Takeover (one mechanism of conducting fraud) accounted for $4.9 Billion in consumer and merchant losses, a 69% increase from 2011 according to the “2013 Identity Fraud Report: Data Breaches Becoming a Treasure Trove for Fraudsters”...
Aug 20, 2014 | Risk Management
Risk Assessments are required by various compliance and regulatory mandates, but they also help us prioritize our Security Initiatives. However, too often I see Risk Assessments completed with a check-the-box mentality, and the assessment eventually turns into a...
Aug 20, 2014 | Compliance, eCommerce Fraud Prevention, Payment Card Industry
The Tokenization, PCI and Fraud Prevention Puzzle
Tokenization and Fraud Prevention are complementary security tactics in any eCommerce environment. A tokenized payment architecture is a necessity to minimize PCI scope, while fraud prevention is a central building block...
Aug 20, 2014 | eCommerce Fraud Prevention, Information Security, Professional Services, Risk Management, Splunk
The Problem
According to Internet Retailer, eCommerce fraud costs e-tailers 3.5 Billion dollars annually (www.internetretailer.com/2013/03/28/online-fraud-costs-e-retailers-35-billion-2012), and many of the tools used in IT Security can help to prevent fraudulent...
Aug 20, 2014 | Audit, Compliance, Information Security, Payment Card Industry
The much anticipated PCI-DSS 3.0 is out, and the new Self-Assessment Questionnaires (SAQs) have been released. We’ve had a lot of questions over the last month about what the new changes actually mean to merchants. One notable introduction is the SAQ-A EP for...
Aug 20, 2014 | Compliance, Information Security, Risk Management
I’ve always been a believer in the saying “If you can measure it, you can manage it”! Metrics seem to be the first thing Security Professionals think of, but usually the last thing to be implemented, understandably so, because you need to...
Aug 20, 2014 | Compliance, Information Security, Risk Management
Every morning when I wake up, I scroll through my list of news feeds to see which company is disclosing a data breach. This morning I woke up to Edward Snowden’s passport on the defaced EC Council website. As I understand it, this wasn’t EC Council’s first...