I attended the 2010 RSA Conference in San Francisco last week. As expected, one of the major themes resonating throughout the conference keynotes, sessions, and exhibit hall was the opportunity we have as security professionals to help secure increasingly virtualized and cloud-based infrastructures....
Posted to Security Webb by Renee Bradshaw on Mar 12, 2010
Filed under: Security, Data Breach, PCI DSS, PCI Standards Council, Compliance, RSA, PCI, RSA Conference, Verizon Breach Report, RSA 2010, PTS, PCI Standard, PA-DSS, Bob Russo
After my last post on human error, and how it contributes to significant data breaches, I haven’t been able to get the idea out of my head. It should come as no surprise that we have found that companies may have the best security tools and resources available, yet still experience large breaches...
Posted to Security Webb by Renee Bradshaw on Feb 17, 2010
Filed under: Security, Data Breach, PCI DSS, Insider Attack, Ponemon Institute, PCI Standards Council, Compliance, Secure Configuration Manager, Malicious, PCI, computer crime, non-malicious insider, malicious insider
It’s that time of year; the auditors are out and organizations across the globe are assessing their security posture. To be compliant or not to be compliant… that is the question that auditors and security teams alike are out to answer. In the past, Active Directory has often been overlooked...
Just read this from BankInfoSecurity, on the class action suit against Heartland with respect to the breach that occurred last year. What I think is interesting is that the statement by Bob Carr regarding PCI compliance and security is now apparently being used as a proof-point that Heartland knew their...
Yesterday and today we ran a couple of events for our current customers on the upcoming release of Secure Configuration Manager (Version 5.8). As usual there were a lot of good questions and activity, which of course is the whole point of these Qmunity events. I think the enthusiasm and interest speak...
Earlier this week we launched a new version of NetIQ Directory and Resource Administrator 8.5 (DRA 8.5). In this release we focused on enhancing our auditing and reporting capabilities. We know that the mandate to achieve, demonstrate, and maintain compliance is an increasing challenge for enterprise...
This is a fascinating piece by Brian Prince at eWeek. It's so interesting because it highlights two fundamental issues and areas of contention around both security and compliance and it does it very succinctly. First, there's the omnipresent undercurrent of discontent around compliance mandates...
One of the areas I see a lot of organizations struggle with is managing exceptions to configuration policy, especially in a rigorous, well documented way that doesn't, frankly, make their security and compliance teams crazy. Let me give you an example. Say you're a hotel chain, or a retailer...