For those interested in new trends in data security breaches, new PCI DSS compliance guideline, and new cost-effective security approaches, there were great insights at the North American CACS ISACA Conference in Orlando on May 10, and at the ISACA Spring Conference 2012 in New York City on April 30th. Both the conference in Orlando Read more
The article, by Jaikumar Vijayan, appeared in Computerworld on April 9, 2012. It concluded despite rising concerns that cyber attacks are growing more and more sophisticated, hackers used relatively simple methods for 97% of data breaches in 2011, according to a report compiled by Verizon. The findings suggest that organizations are overlooking basic precautions even Read more
I agree that “Global Payments has some explaining to do“. Global Payments said “Based on the forensic analysis to date, network monitoring and additional security measures, the company believes that this incident is contained.” I want to know what specific actions Global Payments took to improve security and how did they allow those safeguards to Read more
Vaultless Tokenization continues to receive lots of attention from companies that have attempted to use vault-based tokenization and have failed. With Vault-based tokenization, the more data elements that are tokenized, the higher the likelihood of failure. Companies using vault-based tokenization to protect many data fields associated with Protected Health Information (PHI) or Personally Identifiable Information Read more
While some are trying to steal your data outright, others are hard at work creating new ways to gain access to that data through an application. They’re attacking your external applications that collect information, such as your websites, call center programs, and point-of-sales systems. They’re also after the sensitive internal systems that use and store Read more
The cloud is widely recognized as the disruptive technology that is changing the way everyone (from consumers to small businesses to large enterprises) communicates and does business. It comes as no surprise that adoption of cloud-based data storage is on the rise. A December 2010 Cisco study revealed that 52 percent of IT officials surveyed Read more
Last week, in my blog I introduced a concept called Vaultless Tokenization, and I contrasted it against Vault-Based Tokenization. In this blog, I will go into more detail and illustrate the differences. In Vault-Based Tokenization a large database table is used to create lookup pairs that associate a token with an encrypted credit card. The Read more
Cloud Security is always a hot topic. However when I read the article “In the Cloud, a data breach is only as bad as your contract”, I raised my eyebrows. In the cloud, a data breach can occur because you have not taken the proper steps to secure the data. It has very little to Read more
Over the last 3 months I’ve seen an increase in the number of companies that are looking to protect sensitive data with tokenization. This isn’t a surprise in the PCI world, but these companies are attempting to protect personal information (PII) and health related information (PHI) with tokenization. Perhaps the fact that KPMG is expected Read more
With the RSA/EMC breach still in our minds, and also some of the additional breaches that resulted from the RSA breach, including Lockheed Martin. RSA issued a vaguely worded letter about what data that was stolen. It begs the question – what does this all mean? Bottom line is it means these systems are storing Read more